how to set HttpOnly and Secure flag set in apache2.4.6 and tomcat

Question

I have an apache2.4.6 and dotcms2.3.2 in suselinux. I want to set httponly and secure falg in dotcms and tomcat . I set these configurations in apache and tomcat: <Context useHttpOnly="true"> in context.xml <Connector maxThreads="400" connectionTimeout="3000" port="8080" protocol="HTTP/1.1" redirectPort="8443" URIEncoding="UTF-8" secure="true" /> in server.xml

Header edit Set-Cookie ^(.*)$ $1;HttpOnly

or

Header set Set-Cookie HttpOnly;Secure

in httpd.conf.

after that restart tomcat and test with burp suite , but it does't set in cookie .

Salam:-D `Header edit Set-Cookie ^(.*)$ $1;HttpOnly` should work unless **mod_headers** is not installed! or header doesn't exist! — undone, Dec 22 '13 at 07:54

score -4 · Answer 1 · edited Jul 25 '17 at 05:42

-4

Header set Set-Cookie HttpOnly;Secure

in httpd.conf works.

edited Jul 25 '17 at 05:42

ɢʀᴜɴᴛ

32,025
15
116
110

answered Jul 24 '17 at 23:34

Ferris

51
2

2

It overwrites session cookies. – Biswadip Dey Oct 13 '17 at 15:15

how to set HttpOnly and Secure flag set in apache2.4.6 and tomcat

1 Answers1