1

Is it possible to modify cookies when using nginx as a reverse proxy similar to what Set-Cookie does in apache?

I have a web application that sets session cookies and I wish to append the HttpOnly flag to them before they are served by nginx. Unfortunatly I cannot modify the source code of the application to do it there.

AdamW
  • 236
  • 2
  • 7
  • 2
    Possible duplicate of http://serverfault.com/questions/278319/how-to-rewrite-the-domain-part-of-set-cookie-in-a-nginx-reverse-proxy. Seems to be that the same "It's not possible" and methods for resolving it apply. – Kyle Smith Apr 01 '12 at 21:50
  • didn't tried it, but I suppose that you can modify the header via http://wiki.nginx.org/HttpHeadersMoreModule – hellvinz May 23 '12 at 09:32

1 Answers1

2

You can always use add_header to add one, but even if you parse cookies coming down from backend looking at the http_cookie variable, you won't be able to modify them using vanilla nginx.

What you could use however is the 3rd-party Lua module. The link provided by Kyle Sith has an answer containg a small code snippet manipulating cookies (https://serverfault.com/a/448887/140131).

Community
  • 1
Bernard Rosset
  • 1,323
  • 12
  • 24