Skip to main content
ExLibris
  • Subscribe by RSS
    • Back
    Aleph
    Ex Libris Knowledge Center

    Configure Secure Cookies Creation in Apache

    1. Last updated
    2. Save as PDF

     

    • Product: Aleph
    • Product Version: 20, 21, 22, 23
    • Relevant for Installation Type: Dedicated-Direct, Direct, Local, Total Care

     

    Desired Outcome Goal:
    Set Apache to add secure and httpOnly flags to cookies created by Apache

     

    Procedure:
    1. Add this line to httpd.conf file: 
    Header always edit Set-Cookie ^(.*)$ $1;HttpOnly;secure 

    2. In find-b, add the secure attribute to the JavaScript set cookie:
    function setCookie() { document.cookie = "ALEPH_SESSION_ID = $SESS; path = /; secure"; } 
    HttpOnly can't be used since by definition this is a cookie set by JavaScript

    3. Restart www_server and Apache
     

    Additional Information

    * Apache must be using SSL.
    * The always condition is required when editing headers set by CGI scripts.

     

     

    • Article last edited: 15-May-2016
    1. Back to top
    • Was this article helpful?

    Recommended articles

    1. Article type
      Topic
      Language
      English
      Product
      Aleph
    2. Tags
      1. Apache
      2. cookies