Edit Cookie HttpOnly value

Problem description

Due to PCI regulations, most cookies in my application need to be secure and httponly. I have achieved that through this line in my Apache config file:

Header edit Set-Cookie ^(.*)$ $1;HttpOnly;Secure

However, this breaks part of the application where a single cookie, let's call it foobar, must be read by JavaScript. Therefore I need to remove the httponly for this cookie only.

I've played around with several approaches including mod_rewrite but I can't get the httponly to drop off the cookie. I don't want to reset the value of the cookie etc, just take off the httponly part.

E.g. Header always edit Set-Cookie ^(foobar=.*)$ $1 (doesn't work)

Recommended answer

Try this:

Header edit Set-Cookie ^((?!foobar=).*)$ $1;HttpOnly;Secure
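The following added example (not part of the original question or answer) models the answer's regular expression in Python to show which cookies receive the flags. The second rule that keeps Secure on foobar and the sample cookie values are assumptions made for illustration.

```python
import re

# The answer's rule: append the flags to every Set-Cookie value that does not
# start with "foobar=". Apache writes the backreference as $1, Python as \1.
ANSWER_RULE = (re.compile(r"^((?!foobar=).*)$"), r"\1;HttpOnly;Secure")
# Assumed companion rule (not in the answer): keep Secure on foobar, omit HttpOnly.
FOOBAR_RULE = (re.compile(r"^(foobar=.*)$"), r"\1;Secure")


def header_edit(value, rules):
    """Model 'Header edit': apply each regex substitution in order, first match only."""
    for pattern, replacement in rules:
        value = pattern.sub(replacement, value, count=1)
    return value


def flags(value):
    """Lower-cased attribute names of a Set-Cookie value (everything after name=value)."""
    parts = value.split(";")[1:]
    return {p.strip().split("=", 1)[0].lower() for p in parts if p.strip()}


def audit(values, rules):
    """Map cookie name -> (has HttpOnly, has Secure) after the rules are applied."""
    report = {}
    for value in values:
        edited = header_edit(value, rules)
        name = edited.split("=", 1)[0]
        found = flags(edited)
        report[name] = ("httponly" in found, "secure" in found)
    return report


# Constructed sample Set-Cookie values, as an application might emit them.
SAMPLE = [
    "JSESSIONID=abc123; Path=/",
    "foobar=visible-to-js; Path=/",
    "foobar2=other; Path=/",  # similar name, must still get both flags
]

if __name__ == "__main__":
    print("answer rule only:", audit(SAMPLE, [ANSWER_RULE]))
    print("with foobar rule:", audit(SAMPLE, [ANSWER_RULE, FOOBAR_RULE]))
```

With the answer's rule alone, foobar receives neither HttpOnly nor Secure; the assumed second rule restores Secure while leaving the cookie readable by script.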
