Questions tagged [cookie]

43 questions
19
votes
2 answers

What is a cookie-free domain?

What is a cookie-free domain? I've seen these words many times but I never understood what it is.
Alon Gubkin
15
votes
4 answers

Controlling Nginx proxy target using a cookie?

I'm trying to convert a reverse proxy using an interesting Apache mod_rewrite setup to use Nginx instead (due to external concerns we are moving from Apache to Nginx, and most everything works fine except this part). My original setup was to read an…
Guss
7
votes
1 answer

Is it permissible for an intermediate proxy to add cookies during proxy authentication?

I recently encountered a certain security appliance (BlueCoat) which requires that all connections to the internet must be proxied through it (hello there, man-in-the-middle) and accordingly uses a special SSL certificate to intercept all…
Patrick
5
votes
1 answer

HttpOnly and secure cookies with Apache mod_header for all cookies

I'm using Apache 2.2.29 for a website. The Apache works both to serve pages from Drupal, and as a reverse proxy to an internal application server. For security reasons we want to add the flags HttpOnly and secure to all cookies sent to the clients. In…
5
votes
1 answer

How to not redirect when cookie is set in haproxy?

On my site I redirect users with mobile devices to a mobile site using my Haproxy loadbalancer. I got some complaints about that and want to offer the users a link back to the "classic" portal. As not all sub-pages are available in a mobile format I…
OpenHaus
4
votes
1 answer

Changing a Set-Cookie header using mod_rewrite/mod_proxy

I have a bunch of CGI scripts, which are served using HTTPS. They can only be reached on the intranet, not from the outside. They set a cookie with the attribute 'Secure', so that it can only be sent via HTTPS. There is also a reverse proxy to one…
olrehm
3
votes
1 answer

Remove cookies by cookie name in nginx reverse proxy

I am fairly new to nginx and I am trying to set it up as a reverse proxy server. So far I have Apache working as a backend server on 8080 and nginx on port 80. My website uses a lot of cookies which I have no control over... I am using Expression…
Martin Taleski
3
votes
3 answers

Carrying cookies across redirects when using Apache as a reverse proxy

I'm attempting to set up a reverse proxy using Apache on my local machine. I have the following in my httpd.conf: ProxyPass /app http://x.com ProxyPassReverse /app http://x.com Everything works great and browsing to 127.0.0.1/app/* works as…
dbotha
3
votes
1 answer

In an IIS Log what does "..." mean in a "cs(Cookie)" column?

I've checked MSDN, and the W3C format, but nothing seems to explain what causes IIS to output "..." in the "cs(Cookie)" column. My assumption is that the cookie is "too big", but I'd like to know for sure and also what is the limit before IIS…
2
votes
2 answers

PHP session timeout

I'm having some troubles with the session timeout in a PHP application, I suspect the timeout is given by code but I prefer checking the infrastructure first. The application I'm running is pure PHP 5.6 on Apache behind a classic LB in AWS. Devs…
nikolaigauss
2
votes
1 answer

HTTP and cookies working with multiple servers

Assuming that a simplified diagram of an HTTP/1.1 connection in which the client makes a page and an image request with a cookie assignment can be reduced to this: (Time transmission of the second request is not that insignificant, it varies…
2
votes
1 answer

Nginx: add domain into cookie

There is a directive in nginx - proxy_cookie_domain which allows to REPLACE the domain. But my problem is how to ADD the domain substring into the proxied cookies? The backend unfortunately doesn't set this part of the cookie.
2
votes
1 answer

Setting up Nginx -- redirecting requests to an auth server and getting redirected back to serve the request

Any incoming request on (x.x.x.x.x)--> redirect to x.x.x.x.auth.domain.edu -- > that authenticates a user and redirects back to x.x.x.x server. (With a cookie set; in my case it is EZproxy server doing the cookie setting) I have tried rewriting the…
Anup
1
vote
1 answer

How to protect against session hijacking in Flask

So, I'm developing a Flask web-app and I wanted to test its security since I've implemented the following: SSL Cert with cookies being securely transmitted CSRF token to avoid CSRF attacks Cookie validation, to avoid cookie modification Cookie are…
1
vote
1 answer

Apache reverse proxy - ProxyPassReverseCookieDomain not seeming to work

I can't seem to get the Apache directive ProxyPassReverseCookieDomain to actually rewrite the domain. My directive is set as such: ProxyPassReverseCookieDomain "myinternalproxydomain.com" "thepublicdomain.com" I use the Network tab in a browser and…
mminnie