On Tuesday 12 March 2013 01:54:01 kalpesh.pa...@glgroup.com wrote:
> http-only and secure are directives intended for browser. If the browser
> doesn't detect HTTP proto for http-only setting and SSL for secure setting
> then browser will drop the cookie and will never make it to the web server.
>
http-only and secure are directives intended for browser. If the browser
doesn't detect HTTP proto for http-only setting and SSL for secure setting
then browser will drop the cookie and will never make it to the web server.
Posted at Nginx Forum:
http://forum.nginx.org/read.php?2,236394,237245#m
On Thursday 21 February 2013 17:27:58 mrtn wrote:
> i see. since you mentioned it, is there any way to check for http-only and
> secure properties of a cookie using nginx?
There are no such properties in the Cookie request header.
wbr, Valentin V. Bartenev
--
http://nginx.com/support.html
http
i see. since you mentioned it, is there any way to check for http-only and
secure properties of a cookie using nginx? In other words, combined with the
original question above, i want to check if a given a cookie is present and
it is http-only and secure, otherwise, reject the request with a 404.
On Wed, Feb 20, 2013 at 05:10:26PM -0500, mrtn wrote:
> I have a http-only and secure (ssl) cookie, and I want nginx to check
> whether this cookie exists in a request, if not, reject it by serving a 404
> page. This is just a preliminary check, so I don't care about the actual
> value in the cooki
I have a http-only and secure (ssl) cookie, and I want nginx to check
whether this cookie exists in a request, if not, reject it by serving a 404
page. This is just a preliminary check, so I don't care about the actual
value in the cookie.
So far I've tried this: if ($http_cookie !~* "cookie_name=