Skip to main content
  • Subscribe by RSS
  • Ex Libris Knowledge Center

    Configure Secure Cookies Creation in Apache


    • Product: Aleph
    • Product Version: 20, 21, 22, 23
    • Relevant for Installation Type: Dedicated-Direct, Direct, Local, Total Care


    Desired Outcome Goal:
    Set Apache to add secure and httpOnly flags to cookies created by Apache


    1. Add this line to httpd.conf file: 
    Header always edit Set-Cookie ^(.*)$ $1;HttpOnly;secure 

    2. In find-b, add the secure attribute to the JavaScript set cookie:
    function setCookie() { document.cookie = "ALEPH_SESSION_ID = $SESS; path = /; secure"; } 
    HttpOnly can't be used since by definition this is a cookie set by JavaScript

    3. Restart www_server and Apache

    Additional Information

    * Apache must be using SSL.
    * The always condition is required when editing headers set by CGI scripts.



    • Article last edited: 15-May-2016
    • Was this article helpful?