Re: [squid-users] Can squid modify header by adding httponly flag to cookie ?

From: Alex Rousskov <rousskov_at_measurement-factory.com>
Date: Wed, 27 Feb 2013 15:27:40 -0700

On 02/27/2013 11:36 AM, Jeannette Brown wrote:

> Old web app server does not know how to add httpOnly flag to session cookie.
>
> Squid 2.7 is used in front of web app server in reverse proxy mode.

Squid cannot modify header by adding httponly flag to an existing cookie
value, but you can use an eCAP adapter (Squid v3 only) or an ICAP
service (heavy) to do that. For more info, see
  http://wiki.squid-cache.org/SquidFaq/ContentAdaptation

FWIW, Squid v3.3 has almost enough code to support this via a helper or
even pure squid.conf magic, but I think we are missing
response_header_add and possibly other small bits.

HTH,

Alex.
Received on Wed Feb 27 2013 - 22:27:43 MST

This archive was generated by hypermail 2.2.0 : Thu Feb 28 2013 - 12:00:04 MST