Highest Voted 'cookies' Questions - Server Fault Stack Exchange

5

votes

2 answers

How to add recently set cookies to nginx's access log

I'd like to include cookie data in an nginx access log like so: (simplified example) log_format foo '$remote_addr "$request" $cookie_bar'; access_log /var/log/nginx/access.log foo; This works great on requests that already have a cookie "bar", but…

nginx log-files cookies

asked Jan 18 '11 at 00:18

etoleb

201
1
2
5

5

votes

1 answer

Cannot get IIS7 to send cookies to IE

I have a web application that I have created that uses the basic asp.net authentication. The authentication systems are working fine code-wise, however I cannot get IIS7 to send the cookies to IE web browsers. When I browse to my site in Chrome…

iis-7 asp.net internet-explorer cookies cookieless

asked Jul 16 '10 at 18:34

KallDrexx

306
1
3
12

4

votes

1 answer

Nginx proxy cookies not set

Here's my situation, I have a Rails 4 app that can be accessed by multiple domains, depending on the domain, the content changes. Say the main domain is domain1 and all the other domains just use Nginx's proxy_pass to forward the requests to…

nginx proxypass cookies

asked Nov 05 '18 at 22:38

Julien

242
1
3
13

4

votes

1 answer

Cookie Authentication in Apache

I'm trying to set up a reverse proxy in Apache. The user will be required to log in, and will then be sent a cookie. I want Apache to check the cookie. Is there a way to do this? EG, right now my config looks like this: #…

apache-2.2 security authentication reverse-proxy cookies

asked Sep 04 '09 at 20:00

user19084

143
1
4

4

votes

1 answer

Setting the secure flag on cookies from Outlook Web Access

I'm running Exchange 2007 SP3 which is exposing outlook web access over only HTTPS. However the server delivers the sessionid cookie without the secure flag set. Even though I don't have port 80 open, this cookie is still vulnerable to being stolen…

security exchange-2007 cookies outlook-web-app

asked Jun 26 '12 at 12:39

Cheekysoft

427
1
4
12

4

votes

2 answers

non-www domains prevent hosting of static content on the same domain, correct?

Flaw to using non-www domain a canonical? I love the idea of short, clean urls like example.com over www.example.com, and certainly whichever one is used should redirect to the other. However, as I have researched the matter over time, I've come to…

cookies static-content

asked May 03 '11 at 19:44

Kzqai

1,278
4
18
32

4

votes

5 answers

Mitigating the 'firesheep' attack at the network layer?

What are the sysadmin's thoughts on mitigating the 'firesheep' attack for servers they manage? Firesheep is a new firefox extension that allows anyone who installs it to sidejack session it can discover. It does it's discovery by sniffing packets on…

web-applications cookies security

asked Oct 25 '10 at 17:37

pobk

275
1
7

4

votes

1 answer

Does apache have a limit to cookie size?

A application bug caused us to set a cookie that's too large. Clients get an error that happens prior to our application being executed (mod_python). Are there any adjustable limits within apache for how large a cookie header can be ? Within apache…

apache-2.2 cookies

asked Jul 23 '10 at 18:53

rhettg

231
1
2
6

4

votes

2 answers

Http-Only cookies in WebLogic: what versions support them/how and why are they supported?

We want to make all cookies set by our webapp http-only. I only have a basic understanding of the benefits of doing this but I'm told by security people that it's a Good Thing (tm) Our app is running under JDK1.6.05 and WebLogic10.3.0 After way too…

java weblogic cookies web-applications

asked Jun 14 '10 at 16:01

John

3

votes

1 answer

What is the difference between http_cookie and cookie_name in Nginx?

I want to add remote ip as a Cookie in Nginx, so that it can be passed on to AWS Load Balancer for Load balancer stickiness. location / { proxy_set_header Cookie "$http_cookie; ip=$remote_addr"; proxy_pass http://app_upstream; } I am…

nginx reverse-proxy amazon-elb cookies http-cookie

asked Sep 06 '17 at 19:30

Ashok Kumar Sahoo

133
1
1
3

3

votes

2 answers

Nginx reverse proxy - remove "Secure" from cookies

For the sake of development I need to make NGINX drop "Secure" flag from cookie headers. Set-Cookie:XSRF-TOKEN=zzzzzzzz-zzzz-zzzz-zzzz-zzzzzzz; Path=/; Secure should become Set-Cookie:XSRF-TOKEN=zzzzzzzz-zzzz-zzzz-zzzz-zzzzzzz; Path=/; For each…

nginx reverse-proxy cookies

asked May 31 '17 at 14:46

Juriy

140
1
7

3

votes

0 answers

CloudFront + S3 Access Denied Using Signed Cookies

I'm trying to integrate signed cookies for a CloudFront distribution that's fed off of an S3 bucket but getting access denied error messages: AccessDenied Access Denied BLAH…

amazon-s3 amazon-cloudfront cookies

asked Aug 24 '15 at 14:42

YLivay

31
3

3

votes

1 answer

haproxy maxconn and cookie sessions

i have any instances under an haproxy loadbalancer. i am using the haproxy cookies to make each client connect to the same server troughout his whole session. now the thing is, I would like to setup the maxconn variable in haproxy to the limit that…

haproxy cookies

asked May 02 '12 at 13:44

carmelo arena

143
3

3

votes

2 answers

Where can I report an issue with ASP.NET Browsers File?

While working with an ASP.NET application on Chrome for Android I discovered that Request.Browser.Cookies returns False for that browser (despite the browser supporting cookies). Based on what I've read, this indicates a problem with the database…

asp.net cookies bug

asked Apr 13 '12 at 20:08

Nathan Taylor

240
3
11

3

votes

1 answer

Apache mod_cache: Strip/ignore (only) Google Analytics cookies

Varnish has the possibility to strip certain cookies from the request before deciding if a request is non-cachable because it contains cookies. Is there such a thing for Apache's mod_cache? Consider this situation: Apache 2.2 is a reverse proxy with…

apache-2.2 cookies mod-cache

asked Apr 05 '12 at 14:38

Paul

1,918
4
18
24

Questions tagged [cookies]