aFleX for cookies httponly with one exception

lukamanka Member
Hello,

I need to write an aFleX script that sets the HttpOnly flag on cookies, with one exception for the cookie named LID.

I tried to use aFleX like below:
when HTTP_RESPONSE {
    if {([HTTP::header exists "Set-Cookie"] and [HTTP::cookie contains "LID"])} {
        set cookie_value [HTTP::cookie "TestCookie1"]
        HTTP::cookie remove "TestCookie1"
        HTTP::header insert "Set-Cookie" "TestCookie1=$cookie_value; secure"

    } elseif {[HTTP::header exists "Set-Cookie"]} {
        set cookie_value [HTTP::cookie "TestCookie"]
        HTTP::cookie remove "TestCookie"
        HTTP::header insert "Set-Cookie" "TestCookie=$cookie_value; HttpOnly"

    }
}

but it doesn't work - the cookies don't have the HttpOnly (secure) flag
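
The per-cookie logic the post asks for, as an added example that is not part of the original post and is not aFleX code: a Python model that handles each Set-Cookie header separately and appends HttpOnly unless the cookie is named LID. The function names and the sample headers are assumptions constructed for illustration.

```python
# Added example (not aFleX, not from the original post).
# Models the response-side rewrite: every Set-Cookie header is handled
# on its own, so the rule does not depend on any hard-coded cookie name
# other than the exempt one.

EXEMPT = {"LID"}  # the one exception named in the post


def cookie_name(set_cookie_value):
    """Return the cookie name from one Set-Cookie header value."""
    return set_cookie_value.split(";", 1)[0].split("=", 1)[0].strip()


def has_attr(set_cookie_value, attr):
    """True if the attribute is already present (attributes are case-insensitive)."""
    attrs = set_cookie_value.split(";")[1:]
    return any(a.split("=", 1)[0].strip().lower() == attr.lower() for a in attrs)


def harden(set_cookie_values, exempt=EXEMPT, add_secure=False):
    """Rewrite each Set-Cookie value; never merge, reorder or drop headers."""
    out = []
    for value in set_cookie_values:
        value = value.strip().rstrip(";").rstrip()
        # Cookie names are case-sensitive, so compare exactly.
        if cookie_name(value) not in exempt and not has_attr(value, "HttpOnly"):
            value += "; HttpOnly"
        # Secure is independent of HttpOnly; only useful when the site is HTTPS.
        if add_secure and not has_attr(value, "Secure"):
            value += "; Secure"
        out.append(value)
    return out


# Constructed sample Set-Cookie values (hypothetical names except LID).
SAMPLE = [
    "TestCookie=abc123; Path=/",
    "LID=42; Path=/; Secure",
    "SESSION=xyz; path=/; httponly",
]

if __name__ == "__main__":
    for line in harden(SAMPLE, add_secure=True):
        print("Set-Cookie:", line)
```

An exempt cookie is passed through unchanged, so if the server itself already sets HttpOnly on LID this model leaves it in place.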

Comments

  • dshin Member
    edited February 2016
    Do you use http or https?

    If a cookie with the secure flag is transmitted over http, the browser would ignore the cookie.
  • lukamanka Member
    edited February 2016
    It uses https