https://issues.apache.org/bugzilla/show_bug.cgi?id=44799
Summary: Allow mod_rewrite Cookie option to set secure and
HttpOnly flags
Product: Apache httpd-2
Version: 2.3-HEAD
Platform: All
OS/Version: All
Status: NEW
Severity: enhancement
Priority: P4
Component: mod_rewrite
AssignedTo: [email protected]
ReportedBy: [EMAIL PROTECTED]
The Cookie option of mod_rewrite supports setting the cookie's name, value,
domain, path, and expiry date. However the original Netscape cookie
specification [1] also supports the "secure" flag. Internet Explorer 6 SP1
introduced the HttpOnly flag [2] for cookies that are not accessible to
JavaScript code, a feature which is now also supported by Firefox 2 and newser.
The attached patch adds support for these two flags, changing the formal
signature of the cookie option as follows:
cookie|CO=NAME:VAL:domain[:lifetime[:path[:secure[:httponly]]]]
Examples:
CO=name:value:.example.com:0:/:true
CO=name:value:.example.com:0:/:false
CO=name:value:.example.com:0:/:1:HttpOnly
CO=name:value:.example.com:0:/:0:HttpOnly
In my opinion this would be a useful addition to mod_rewrite and should not
break existing applications.
[1] http://wp.netscape.com/newsref/std/cookie_spec.html
[2] http://msdn2.microsoft.com/en-us/library/ms533046.aspx
--
Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
