All files from this thread

File Name	File Size		Posted by	Date
Snap156.gif	16 KB	open | download	Gerard Mattison	11/19/2016	Read message

On Sat, Nov 19, 2016 at 01:08:24PM -0800, Gerard Mattison wrote:

Hi there,

> One of the issue I having is that when I ran a vulnerability assessment,
> the "route" cookie is coming up as not secure.

It looks like the cookie should be secure.

Is there any change that you used this browser to access this server;
then reconfigured the server to add the "secure" options and reloaded
the config; and then refreshed the page in the browser?

If so, that would explain it -- you have to arrange that the browser
removes the previous session cookie (for example, by closing the browser
or just by deleting the cookie). If the browser presents a cookie,
the server will not send a new one.

And it is only the new one that will be marked "Secure" or not.

Good luck with it,

f
--
Francis Daly francis@daoine.org

_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx