Configure Secure Cookies Creation in Apache
- Product: Aleph
- Product Version: 20, 21, 22, 23
- Relevant for Installation Type: Dedicated-Direct, Direct, Local, Total Care
Desired Outcome Goal:
Set Apache to add the Secure and HttpOnly flags to cookies created by Apache.
Procedure:
1. Add this line to the httpd.conf file:
Header always edit Set-Cookie ^(.*)$ $1;HttpOnly;secure
2. In find-b, add the secure attribute to the JavaScript set cookie:
function setCookie() { document.cookie = "ALEPH_SESSION_ID = $SESS; path = /; secure"; }
HttpOnly can't be used here because, by definition, this cookie is set by JavaScript.
3. Restart www_server and Apache
Additional Information
* Apache must be using SSL.
* The always condition is required when editing headers set by CGI scripts.
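To confirm the result after the restart, the response headers can be checked for cookies that still lack either flag. The script below is an added example, not part of the original article or the product; the cookie names and sample response are constructed, and `aleph.example.org` is a placeholder host.

```shell
#!/bin/sh
# Added example: report which Set-Cookie headers lack Secure / HttpOnly.
# Live use (placeholder host):  curl -sI https://aleph.example.org/ | check_cookie_flags

# Reads raw HTTP response headers on stdin.
# Prints "OK <name>" or "MISSING <flags> <name>" per cookie;
# returns 1 if any cookie is missing a flag, 0 otherwise.
check_cookie_flags() {
    awk '
    { sub(/\r$/, "") }                      # headers arrive with CRLF line ends
    tolower($0) ~ /^set-cookie:/ {
        line = $0
        sub(/^[^:]*:[ \t]*/, "", line)      # drop the header name
        n = split(line, parts, ";")
        name = parts[1]
        sub(/=.*/, "", name)                # keep only the cookie name
        gsub(/[ \t]/, "", name)
        secure = 0; httponly = 0
        for (i = 2; i <= n; i++) {          # attribute names are case-insensitive
            attr = tolower(parts[i])
            gsub(/[ \t]/, "", attr)
            if (attr == "secure")   secure = 1
            if (attr == "httponly") httponly = 1
        }
        missing = ""
        if (!secure)   missing = "secure"
        if (!httponly) missing = (missing == "" ? "httponly" : missing ",httponly")
        if (missing == "") print "OK " name
        else { print "MISSING " missing " " name; bad = 1 }
    }
    END { exit (bad ? 1 : 0) }'
}

# Constructed sample response: one cookie as rewritten by the Header edit
# line from step 1, and two cookies that did not pass through it.
sample_headers() {
    printf 'HTTP/1.1 200 OK\r\n'
    printf 'Set-Cookie: example_a=1; path=/;HttpOnly;secure\r\n'
    printf 'Set-Cookie: example_b=2; path=/\r\n'
    printf 'set-cookie: example_c=3; Path=/; Secure\r\n'
    printf '\r\n'
}

sample_headers | check_cookie_flags || true
```

Cookies written by JavaScript, such as the one in step 2, never appear in response headers, so this check covers only the cookies handled by step 1.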
- Article last edited: 15-May-2016