Secure and HTTPOnly Flags to Every Set-Cookie in Apache

How to make all cookies secure for ssl connection?

.htaccess

Header always edit Set-Cookie (.*) "$1; HTTPOnly; Secure"

or you can do it seperately by declaring one by one:

<IfModule mod_headers.c>
Header always edit Set-Cookie (.*) "$1; HTTPOnly"
Header always edit Set-Cookie (.*) "$1; Secure"
</IfModule>

Leave a Reply

Your email address will not be published. Required fields are marked *