Edit Cookie HttpOnly value
Problem description
Due to PCI regulations, most cookies in my application need to be secure and httponly. I have achieved that through this line in my Apache config file:
Header edit Set-Cookie ^(.*)$ $1;HttpOnly;Secure
However this breaks part of the application where a single cookie, let's call it foobar, must be read by javascript. Therefore I need to remove the httponly for this cookie only.
I've played around with several approaches including mod_rewrite but I can't get the httponly to drop off the cookie. I don't want to reset the value of the cookie etc, just take off the httponly part.
E.g. Header always edit Set-Cookie ^(foobar=.*)$ $1 (doesn't work)
Recommended answer
Try this:
Header edit Set-Cookie ^((?!foobar=).*)$ $1;HttpOnly;Secure
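An added example, not part of the original answer: Python's `re` stands in for Apache's regex engine to show what the rule above does to constructed Set-Cookie values. Because the rule skips foobar entirely, that cookie also goes out without Secure; the two-rule variant, the sample cookies and the helper names are assumptions of this example.

```python
import re

# Rule from the answer. Apache equivalent:
#   Header edit Set-Cookie ^((?!foobar=).*)$ $1;HttpOnly;Secure
ANSWER_RULE = [(r"^((?!foobar=).*)$", r"\1;HttpOnly;Secure")]

# Variant (an assumption, not from the page): withhold only HttpOnly from
# foobar and still append Secure to every cookie. Apache equivalent:
#   Header edit Set-Cookie ^((?!foobar=).*)$ $1;HttpOnly
#   Header edit Set-Cookie ^(.*)$ $1;Secure
SPLIT_RULES = [
    (r"^((?!foobar=).*)$", r"\1;HttpOnly"),
    (r"^(.*)$", r"\1;Secure"),
]

# Constructed Set-Cookie values; xfoobar checks that the lookahead is anchored.
SAMPLE = ["JSESSIONID=abc123; Path=/", "foobar=42; Path=/", "xfoobar=1; Path=/"]


def apply_rules(values, rules):
    """Apply each rule once per header value, in order, like `Header edit`."""
    out = []
    for value in values:
        for pattern, replacement in rules:
            value = re.sub(pattern, replacement, value, count=1)
        out.append(value)
    return out


def parse(value):
    """Return (cookie name, set of lower-cased attribute names)."""
    first, *attrs = [part.strip() for part in value.split(";")]
    return first.split("=", 1)[0], {a.split("=", 1)[0].lower() for a in attrs if a}


def audit(values, js_readable=("foobar",)):
    """Report cookies missing Secure, or missing HttpOnly when not exempt."""
    findings = []
    for value in values:
        name, attrs = parse(value)
        if "secure" not in attrs:
            findings.append((name, "missing Secure"))
        if name not in js_readable and "httponly" not in attrs:
            findings.append((name, "missing HttpOnly"))
    return findings


if __name__ == "__main__":
    for label, rules in (("answer", ANSWER_RULE), ("split", SPLIT_RULES)):
        print(label, audit(apply_rules(SAMPLE, rules)))
```
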