Forum List Message List New Topic Print View

Valentin V. Bartenev

March 12, 2013 03:02AM

On Tuesday 12 March 2013 01:54:01 kalpesh.patel@glgroup.com wrote:
> http-only and secure are directives intended for browser. If the browser
> doesn't detect HTTP proto for http-only setting and SSL for secure setting
> then browser will drop the cookie and will never make it to the web server.
>

Thank you, I know what "HttpOnly" and "Secure" are. But, please, note that
these attributes are sent via Set-Cookie header from a web-server *response*,
while the question was:

> to check if a given a cookie is present and it is http-only and secure,
> otherwise, reject the request with a 404".

There's no way since they do not present in requests.

wbr, Valentin V. Bartenev

--
http://nginx.org/en/donation.html

_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx

Reply Quote

RSS

Subject	Author	Posted
How to check the existence of a http-only secure cookie	mrtn	February 20, 2013 05:10PM
Re: How to check the existence of a http-only secure cookie	Francis Daly	February 20, 2013 05:24PM
Re: How to check the existence of a http-only secure cookie	mrtn	February 21, 2013 08:27AM
Re: How to check the existence of a http-only secure cookie	Valentin V. Bartenev	February 21, 2013 08:42AM
Re: How to check the existence of a http-only secure cookie	kalpesh.patel@glgroup.com	March 11, 2013 05:54PM
Re: How to check the existence of a http-only secure cookie	Valentin V. Bartenev	March 12, 2013 03:02AM
Re: How to check the existence of a http-only secure cookie	kalpesh.patel@glgroup.com	March 12, 2013 01:38PM