Willy,

Is this for the 1.5dev branch or for 1.4.x+ as well?

Thanks,

Bryan Lofland
IT Manager of Infrastructure, LSR
Thermo Scientific Genomics
Thermo Fisher Scientific
2650 Crescent Dr. Suite 100
Lafayette, CO 80026
Office: 303-604-3201
Mobile/BlackBerry: 303-437-2415
[email protected]
http://www.thermo.com/lsr

-----Original Message-----
From: Willy Tarreau [mailto:[email protected]]
Sent: Thursday, May 31, 2012 1:05 PM
To: Matt Brock
Cc: [email protected]
Subject: Re: HttpOnly flag for persistence cookies

Hi Matt,

On Wed, May 30, 2012 at 02:57:51PM +0100, Matt Brock wrote:
> Hi.
>
> I have a client who needed all cookies to contain the HttpOnly flag in order
> to pass a penetration test for PCI compliance. I couldn't see a way of adding
> this flag to HAProxy's persistence cookies. Would it therefore be possible to
> add an 'httponly' option for the 'cookie' parameter?

Yes it makes sense. I've added it now as well as the "Secure" attribute which
is sometimes used too. To enable them, you'll only have to add "httponly" or
"secure" on the cookie line.

Regards,
Willy

