On 02/27/2013 11:36 AM, Jeannette Brown wrote:
> Old web app server does not know how to add httpOnly flag to session cookie.
>
> Squid 2.7 is used in front of web app server in reverse proxy mode.
Squid cannot modify header by adding httponly flag to an existing cookie
value, but you can use an eCAP adapter (Squid v3 only) or an ICAP
service (heavy) to do that. For more info, see
http://wiki.squid-cache.org/SquidFaq/ContentAdaptation
FWIW, Squid v3.3 has almost enough code to support this via a helper or
even pure squid.conf magic, but I think we are missing
response_header_add and possibly other small bits.
HTH,
Alex.
Received on Wed Feb 27 2013 - 22:27:43 MST
This archive was generated by hypermail 2.2.0 : Thu Feb 28 2013 - 12:00:04 MST