仅当没有 Cookie 时,如何在 Cookie 上设置安全和 HTTP 标志? ( .htaccess )
[英]How to set a Secure and HTTP Flag on a Cookie only when it doesnt have one? ( .htaccess )
问题描述
I am currently using this htaccess to add a secure and HTTPonly
我目前正在使用这个 htaccess 添加一个secure和HTTPonly
Header always edit Set-Cookie (.*) "$1; HTTPOnly; Secure"
but because one cookie on this Domain already has this flags, how can I only apply it to the ones that doesnt have it?但是因为这个域上的一个 cookie 已经有这个标志,我怎么能只将它应用到没有它的那些? Because I dont have direct access to the Server it needs to be done via a .htaccess因为我不能直接访问服务器,所以需要通过 .htaccess 来完成
2 个解决方案
解决方案1
1 2017-11-02 20:43:53
The Solution to this Question was this:这个问题的解决方案是这样的:
Header always edit Set-Cookie (.*) "$1; HttpOnly; Secure"
#Strip off double Secure or HttpOnly settings as if App and Apache sets above you can sometimes get both
Header always edit Set-Cookie (?i)^(.*);\s?Secure;?\s?(.*)?;?\s?Secure;?\s?(.*)$ "$1; $2; $3; Secure"
Header always edit Set-Cookie (?i)^(.*);\s?HttpOnly;?\s?(.*)?;?\s?HttpOnly;?\s?(.*)$ "$1; $2; $3; HttpOnly"
#Strip off double ;; settings
Header always edit* Set-Cookie (;\s?){2,} "; "
解决方案2
0 已采纳 2017-10-06 23:17:01
The following approach will check it the browser did send us the HTTPOnly and Secure Cookie.以下方法将检查浏览器是否向我们发送了 HTTPOnly 和 Secure Cookie。 If those are not include you can set it with the Header command as usual.如果不包括这些,您可以像往常一样使用 Header 命令设置它。
<If "%{HTTP_COOKIE}" !=~ "m#HTTPOnly.*Secure#">
Header always edit Set-Cookie (.*) "$1; HTTPOnly; Secure"
</If>
This is only working with apache 2.4+这仅适用于 apache 2.4+
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.