{"id":9661,"date":"2014-03-03T20:30:06","date_gmt":"2014-03-04T01:30:06","guid":{"rendered":"http:\/\/jianmingli.com\/wp\/?p=9661"},"modified":"2014-03-31T15:27:04","modified_gmt":"2014-03-31T20:27:04","slug":"set-secure-cookie-in-apache","status":"publish","type":"post","link":"https:\/\/jianmingli.com\/wp\/?p=9661","title":{"rendered":"Set Secure and HttpOnly Cookies in Apache 2.2.4"},"content":{"rendered":"
\n

Contents<\/h2>\n
    \n\t
  1. \n\t\tSteps<\/a>\n\t<\/li>\n\t
  2. \n\t\tTest<\/a>\n\t\t
      \n\t\t\t
    1. \n\t\t\t\tBefore<\/a>\n\t\t\t<\/li>\n\t\t\t
    2. \n\t\t\t\tAfter<\/a>\n\t\t\t<\/li>\n\t\t<\/ol>\n\t
    3. \n\t\tReferences<\/a>\n\t<\/li>\n<\/ol>\n<\/ol>\n<\/div>\n
       <\/div>\n

      Steps<\/h2><\/span>\n

      * See this post<\/a> to configure mod_jk module for Apache 2.2 and Tomcat 7
      \n* Make sure mod_headers is loaded:<\/p>\n

      \r\n# grep mod_headers.so httpd.conf\r\nLoadModule headers_module modules\/mod_headers.so\r\n<\/pre>\n
      * Add to httpd.conf
      \nHeader edit Set-Cookie ^(.*)$ $1;Secure;HttpOnly<\/em>
      \n– or to prevent duplicate HttpOnly tag:
      \nHeader edit Set-Cookie “(?i)^((?:(?!;\\s?HttpOnly).)+)$” “$1; HttpOnly”<\/em>
      \n* Restart Apache<\/p>\n
      Test<\/h2><\/span>\n
      * Install and start Fiddler2<\/p>\n
      Before<\/h3><\/span>\n
      * Point browser to http:\/\/openidmbox\/examples\/servlets\/servlet\/CookieExample<\/a><\/p>\n
      \"mod_jk_testCookie\"<\/a><\/h6><\/span>\n
      * Check Fiddler and you should see
      \nSet-Cookie: testname=testvalue<\/em><\/p>\n
      \"mod_jk_testCookie_fiddler\"<\/a><\/h6><\/span>\n
      After<\/h3><\/span>\n
      * Check Fiddler and you should see
      \nSet-Cookie: testname=testvalue;Secure;HttpOnly<\/em><\/p>\n
      \"mod_jk_testCookieHttpOnly_fiddler\"<\/a><\/h6><\/span>\n
      References<\/h2><\/span>\n
      * OWASP httpOnly<\/a>
      \n*       http:\/\/stackoverflow.com\/questions\/4998398\/add-httponly-flag-to-cookies-on-the-fly-with-apache<\/a>
      \n*       http:\/\/chandank.com\/security\/httponly-secure-cookie-apache<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"
      Steps * See this post to configure mod_jk module for Apache 2.2 and Tomcat 7 * Make sure mod_headers is loaded: # grep mod_headers.so httpd.conf LoadModule headers_module modules\/mod_headers.so * Add to httpd.conf Header edit Set-Cookie ^(.*)$ $1;Secure;HttpOnly – or to … Continue reading →<\/span><\/a><\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_exactmetrics_skip_tracking":false,"_exactmetrics_sitenote_active":false,"_exactmetrics_sitenote_note":"","_exactmetrics_sitenote_category":0,"jetpack_post_was_ever_published":false,"_jetpack_newsletter_access":"","_jetpack_dont_email_post_to_subs":false,"_jetpack_newsletter_tier_id":0,"_jetpack_memberships_contains_paywalled_content":false,"_jetpack_memberships_contains_paid_content":false,"footnotes":"","jetpack_publicize_message":"","jetpack_publicize_feature_enabled":true,"jetpack_social_post_already_shared":false,"jetpack_social_options":{"image_generator_settings":{"template":"highway","default_image_id":0,"font":"","enabled":false},"version":2}},"categories":[21],"tags":[468,469,470],"class_list":["post-9661","post","type-post","status-publish","format-standard","hentry","category-apache","tag-apache2","tag-httponly","tag-mod_headers"],"jetpack_publicize_connections":[],"jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"jetpack_shortlink":"https:\/\/wp.me\/p8cRUO-2vP","_links":{"self":[{"href":"https:\/\/jianmingli.com\/wp\/index.php?rest_route=\/wp\/v2\/posts\/9661","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/jianmingli.com\/wp\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/jianmingli.com\/wp\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/jianmingli.com\/wp\/index.php?rest_route=\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/jianmingli.com\/wp\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=9661"}],"version-history":[{"count":6,"href":"https:\/\/jianmingli.com\/wp\/index.php?rest_route=\/wp\/v2\/posts\/9661\/revisions"}],"predecessor-version":[{"id":9906,"href":"https:\/\/jianmingli.com\/wp\/index.php?rest_route=\/wp\/v2\/posts\/9661\/revisions\/9906"}],"wp:attachment":[{"href":"https:\/\/jianmingli.com\/wp\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=9661"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/jianmingli.com\/wp\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=9661"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/jianmingli.com\/wp\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=9661"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}