Hi Matt,

On Wed, May 30, 2012 at 02:57:51PM +0100, Matt Brock wrote:
> Hi.
> 
> I have a client who needed all cookies to contain the HttpOnly flag in order
> to pass a penetration test for PCI compliance. I couldn't see a way of adding
> this flag to HAProxy's persistence cookies. Would it therefore be possible to
> add an 'httponly' option for the 'cookie' parameter?

Yes, it makes sense. I've added it now as well as the "Secure" attribute which
is sometimes used too.

To enable them, you'll only have to add "httponly" or "secure" on the cookie
line.

Regards,
Willy
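
A way to confirm the result of this change, as an added example that is not part of the original thread or of HAProxy's code: it parses the `Set-Cookie` headers of a response and reports which cookies lack `HttpOnly` or `Secure`. The cookie name `SERVERID`, the config line in the comment and the sample responses are constructed assumptions.

```python
# Added example: audit Set-Cookie headers for the HttpOnly and Secure attributes.
# Assumed HAProxy backend line that would produce the hardened cookie
# (cookie name SERVERID is illustrative):
#   cookie SERVERID insert indirect nocache httponly secure

REQUIRED = ("httponly", "secure")


def cookie_attributes(set_cookie_value):
    """Return (cookie_name, set of lowercase attribute names) for one Set-Cookie value."""
    parts = [p.strip() for p in set_cookie_value.split(";")]
    # parts[0] is name=value; it is excluded so a value like "httponly" is not
    # mistaken for the attribute.
    name = parts[0].split("=", 1)[0].strip()
    attrs = set()
    for part in parts[1:]:
        if part:
            # Attribute names are case-insensitive; drop any "=value" suffix.
            attrs.add(part.split("=", 1)[0].strip().lower())
    return name, attrs


def audit_response(raw_headers):
    """Map each cookie name to the list of required attributes it lacks."""
    findings = {}
    for line in raw_headers.splitlines():
        field, sep, value = line.partition(":")
        if not sep or field.strip().lower() != "set-cookie":
            continue
        name, attrs = cookie_attributes(value)
        findings[name] = [a for a in REQUIRED if a not in attrs]
    return findings


# Constructed sample responses, not captured traffic.
BEFORE = (
    "HTTP/1.1 200 OK\r\n"
    "Set-Cookie: SERVERID=web1; path=/\r\n"
    "Set-Cookie: theme=httponly; Path=/; HTTPONLY\r\n"
)
AFTER = (
    "HTTP/1.1 200 OK\r\n"
    "Set-Cookie: SERVERID=web1; path=/; HttpOnly; Secure\r\n"
)

if __name__ == "__main__":
    for label, resp in (("before", BEFORE), ("after", AFTER)):
        for name, missing in audit_response(resp).items():
            print(label, name, "missing:", ", ".join(missing) or "none")
```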