
Sorry, I'm not an Apache expert.

I need to add the __Secure prefix to this htaccess line:

Header onsuccess edit Set-Cookie (.*) "$1; SameSite=Strict; Secure"

Is this possible? How?

1 Answer


ORIGINAL RESPONSE

Does this give you the information you need:

https://geekflare.com/httponly-secure-cookie-apache/

Implementation Procedure in Apache

  • Ensure you have mod_headers.so enabled in Apache HTTP server

  • Add following entry in httpd.conf:

    Header always edit Set-Cookie ^(.*)$ $1;HttpOnly;Secure
    
  • Restart Apache HTTP server to test

UPDATE 2022-12-21 @ 20:58GMT

Guidance on this site indicates the format to be Set-Cookie: __Secure-ID=123; Secure; Domain=example.com; HttpOnly

Also following MDN syntax, from your example, I would expect you need:

Header onsuccess edit Set-Cookie (.*) "__Secure-$1; SameSite=Strict; Secure"

You might also want to add in ; HttpOnly too at the end.

Header onsuccess edit Set-Cookie (.*) "__Secure-$1; SameSite=Strict; Secure; HttpOnly"
Aubs
  • This does not add the __Secure prefix – Life after Guest Dec 19 '22 at 09:54
  • [This](https://webhint.io/docs/user-guide/hints/hint-validate-set-cookie-header/) site is probably useful: `Set-Cookie: __Secure-ID=123; Secure; Domain=example.com; HttpOnly`, as is the [MDN syntax](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie#syntax), so in your example, I would expect you need `Header onsuccess edit Set-Cookie (.*) "__Secure-$1; SameSite=Strict; Secure"` - You might also want to add in `; HttpOnly` too at the end. – Aubs Dec 19 '22 at 22:44
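The rewrite discussed in this thread can be checked offline before it goes into .htaccess. The following is an added example, not code from the question or the answer: it applies the answer's pattern and replacement to constructed Set-Cookie values and reports what the rewritten header looks like. Assumptions: Python's `re.sub` with `count=1` stands in for a single mod_headers `edit` substitution, and the `GUARDED` pattern and the sample cookies are hypothetical.

```python
import re

# The answer's directive as (pattern, replacement); Apache's "$1" is "\1" in Python.
RULE = (r"(.*)", r"__Secure-\1; SameSite=Strict; Secure; HttpOnly")
# Hypothetical guarded variant: leave values that already carry the prefix alone.
GUARDED = (r"^(?!__Secure-)(.*)$", RULE[1])

def edit(value, rule):
    """Model one 'edit' substitution on a single Set-Cookie value (assumption)."""
    pattern, repl = rule
    return re.sub(pattern, repl, value, count=1)

def parse(value):
    """Split a Set-Cookie value into (name, [lower-cased attribute names])."""
    first, *attrs = [part.strip() for part in value.split(";")]
    name = first.split("=", 1)[0]
    return name, [a.split("=", 1)[0].lower() for a in attrs if a]

def problems(value):
    """List findings for a Set-Cookie value that should be a __Secure- cookie."""
    name, attrs = parse(value)
    found = []
    if not name.startswith("__Secure-"):
        found.append("missing __Secure- prefix")
    if name.startswith("__Secure-__Secure-"):
        found.append("prefix applied twice")
    if "secure" not in attrs:
        found.append("Secure attribute missing")
    dupes = sorted({a for a in attrs if attrs.count(a) > 1})
    if dupes:
        found.append("duplicate attributes: " + ", ".join(dupes))
    return found

# Constructed sample Set-Cookie values (not from the original page).
SAMPLES = [
    "PHPSESSID=abc123; path=/",
    "lang=en; Path=/; Secure; HttpOnly",
    "__Secure-ID=123; Secure; Path=/",
]

if __name__ == "__main__":
    for raw in SAMPLES:
        for label, rule in (("answer", RULE), ("guarded", GUARDED)):
            out = edit(raw, rule)
            print(f"{label:8}{out}\n        -> {problems(out) or 'ok'}")
```

The rewrite changes the cookie's name in the response, so the browser sends it back as `__Secure-<name>` in the `Cookie` request header and the application has to look for it under that name.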