jcadima
8/17/2015 - 7:26 PM

Secure cookie with HttpOnly and Secure flag in Apache

Secure cookie with HttpOnly and Secure flag in Apache

reference:
http://geekflare.com/httponly-secure-cookie-apache/

1.Ensure you have mod_headers.so enabled in Apache instance

2.Add following entry in httpd.conf :
Header edit Set-Cookie ^(.*)$ $1;HttpOnly;Secure

3. Restart Apache Web Server

Open your website with HTTP Watch, Live HTTP Header or HTTP Header Online tool :
http://tools.geekflare.com/seo/tool.php?id=check-headers