: Using mod_rewrite to access httpOnly cookie? I have Apache running as a secure proxy (Port 443) between an HTTPS site and the rest of the world. This site is setting a secure, httpOnly cookie.
I have Apache running as a secure proxy (Port 443) between an HTTPS site and the rest of the world. This site is setting a secure, httpOnly cookie. The cookie when seen in a trace shows up in a response packet shown below:
... Other headers
Content-Length: 366
Set-Cookie: Cookie=!bZ..mumbojumbo..; Secure; path=/; Httponly; Secure
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
.... Other content
I have the http-ssl.conf setup the following way:
#Set the Our NEW Cookie to the content of secure cookie present.
RewriteCond %{HTTP_COOKIE} Cookie=([^;]+) [NC]
RewriteRule ^(.*)$ / [L,CO=NewCookie:%1:our.proxy.com:1440:/]
On the response, I am not able to see this rule trigger [NewCookie is not set]
Does mod_rewrite explicitly forbid access to httpOnly cookie?
More posts by @Shanna517
1 Comments
Sorted by latest first Latest Oldest Best
On the response, I am not able to see this rule trigger [NewCookie is not set]
mod_rewrite only works on the request. So you can't check for the Cookie being set on the response, if that is what you are trying to do?
If your mod_rewrite directives don't appear to be doing anything against the request sent from the client then it would seem either the cookie is not being sent back, or it is failing to set the NewCookie (eg. client rejects it because of domain mismatch?)
You could perhaps check to see if your directive is being processed, by setting an environment variable and checking for the existence of this in your server-side code. For example:
[L,CO=NewCookie:%1:our.proxy.com:1440:/,E=TRIED_TO_SET_COOKIE:YES]
RewriteRule ^(.*)$ /
Note that if you just want to set the cookie, without any URL rewriting then simply use - (hyphen) as the substitution (special feature). This can then be simplified to:
RewriteRule ^ -
Question: Does mod_rewrite explicitly forbid access to httpOnly cookie?
No. mod_rewrite will see the cookie if it is sent in the request.
Terms of Use Create Support ticket Your support tickets Stock Market News! © vmapp.org2024 All Rights reserved.