Questions tagged [cookie]
43 questions
19
votes
2 answers
What is a cookie-free domain?
What is a cookie-free domain? I've seen these words many times but I never understood what it is.
Alon Gubkin
- 666
- 3
- 7
- 12
15
votes
4 answers
Controlling Nginx proxy target using a cookie?
I'm trying to convert a reverse proxy using an interesting Apache mod_rewrite setup to use Nginx instead (due to external concerns we are moving from Apache to Nginx, and most everything works fine except this part).
My original setup was to read an…
Guss
- 2,520
- 5
- 32
- 55
7
votes
1 answer
Is it permissible for an intermediate proxy to add cookies during proxy authentication?
I recently encountered a certain security appliance (BlueCoat) which requires that all connections to the internet must be proxied through it (hello there, man-in-the-middle) and accordingly uses a special SSL certificate to intercept all…
Patrick
- 313
- 3
- 10
5
votes
1 answer
HttpOnly and secure cookies with Apache mod_header for all cookies
I'm using Apache 2.2.29 for a website. The apache works both to serve pages from Drupal, and as reverse proxy to an internal application server. For security reasons we want to add the flags HttpOnly and secure to all cookies send to the clients. In…
Jose L Martinez-Avial
- 185
- 1
- 3
- 7
5
votes
1 answer
How to not redirect when cookie is set in haproxy?
On my site I redirect users with mobile devices to a mobile site using my Haproxy loadbalancer. I got some complaints about that and want to offer the users a link back to the "classic" portal. As not all sub-pages are available in a mobile format I…
OpenHaus
- 71
- 2
- 6
4
votes
1 answer
Changing a Set-Cookie header using mod_rewrite/mod_proxy
I have a bunch of CGI scripts, which are served using HTTPS. They can only be reached on the intranet, not from the outside. They set a cookie with the attribute 'Secure', so that it can only be send via HTTPS. There is also a reverse proxy to one…
olrehm
- 191
- 2
- 8
3
votes
1 answer
Remove cookies by cookie name in nginx reverse proxy
I am fairly new to nginx and I am trying to set it up as a reverse proxy server. So far I have apache working as a backend server on 8080 and nginx on port 80.
My website uses a lot of cookies which I have no control on... I am using Expression…
Martin Taleski
- 363
- 3
- 5
- 14
3
votes
3 answers
Carrying cookies across redirects when using Apache as a reverse proxy
I'm attempting to setup a reverse proxy using Apache on my local machine, I have the following in my httpd.conf:
ProxyPass /app http://x.com
ProxyPassReverse /app http://x.com
Everything works great and browsing to 127.0.0.1/app/* works as…
dbotha
- 133
- 1
- 4
3
votes
1 answer
In an IIS Log what does "..." mean in a "cs(Cookie)" column?
I've checked MSDN, and the W3C format, but nothing seems to explain what causes IIS to output "..." in the "cs(Cookie)" column.
My assumption is that the cookie is "too big", but I'd like to know for sure and also what is the limit before IIS…
Paul Sainsbury
- 151
- 5
2
votes
2 answers
PHP session timeout
I'm having some troubles with the session timeout in a PHP application, I suspect the timeout is given by code but I prefer checking the infrastructure first. The application I'm running is pure PHP 5.6 on Apache behind a classic LB in AWS. Devs…
nikolaigauss
- 53
- 1
- 10
2
votes
1 answer
HTTP and cookies working with multiple severs
Assuming that a simplified diagram of an HTTP/1.1 connection in which the client makes a page and an image request with a cookie assignment can be reduced to this:
(Time trasmission of the second request is not that insignificant, it varies…
presgiovanni
- 23
- 3
2
votes
1 answer
Nginx: add domain into cookie
There is a directive in nginx - proxy_cookie_domain which allows to REPLACE the domain. But my problem is how to ADD the domain substring into the proxied cookies? The backend unfortunately doesn't set this part of the cookie.
tigreavecdesailes
- 21
- 1
2
votes
1 answer
Setting up Nginx -- redirecting requests to a auth server and getting redirected back to serve the request
Any incoming request on (x.x.x.x.x)--> redirect to x.x.x.x.auth.domain.edu -- > that authenticates a user and redirects back to x.x.x.x server. (With a cookie set, In my case it is EZproxy server doing the cookie setting)
I have tried rewriting the…
Anup
- 121
- 3
1
vote
1 answer
How to protect against session hijacking in Flask
So, i'm developing a Flask web-app and i wanted to test its security since i've implemented the following:
SSL Cert with cookies being securely transmitted
CSRF token to avoid CSRF attacks
Cookie validation, to avoid cookie modification
Cookie are…
Cesar Cuevas
- 23
- 3
1
vote
1 answer
Apache reverse proxy - ProxyPassReverseCookieDomain not seeming to work
I can't seem to get the Apache directive ProxyPassReverseCookieDomain to actually rewrite the domain.
My directive is set as such:
ProxyPassReverseCookieDomain "myinternalproxydomain.com" "thepublicdomain.com"
I use the Network tab in a browser and…
mminnie
- 35
- 1
- 2
- 6