Questions tagged [http-cookie]

23 questions
6
votes
2 answers

How to make Varnish ignore, not delete cookies

I want to use Varnish to cache certain pages even in the presence of cookies. There are 3 possibilities that I need to take care of: An anonymous user is viewing some page. A logged in user is viewing some page with light customization. These…
Jason Christa
4
votes
4 answers

Adding "HttpOnly" and "Secure" cookie flags on Nginx & PHP

I have Nginx running with PHP and WordPress. Acunetix recommends setting these flags, but they provide no documentation. I have looked around a bit, but I have not seen anything that shows exactly how to implement this. I have this module:…
DrDinosaur
4
votes
2 answers

checking and reading cookies with nginx

I can't find many resources on how to manage cookies with Nginx… I've seen that two variables are related to cookies, that is $http_cookies and $cookie_COOKIENAME. Anyway, I absolutely don't know how to read a cookie with Nginx. For example, I'd…
Buzut
3
votes
1 answer

What is the difference between http_cookie and cookie_name in Nginx?

I want to add remote ip as a Cookie in Nginx, so that it can be passed on to AWS Load Balancer for Load balancer stickiness. location / { proxy_set_header Cookie "$http_cookie; ip=$remote_addr"; proxy_pass http://app_upstream; } I am…
3
votes
2 answers

How do I prevent nginx from stripping secure cookies?

We're setting the secure flag on our cookies and nginx is refusing to transmit them because we're communicating with it over HTTP. This is perfectly understandable, as that is the expected behavior. However, in front of nginx, we run a Classic Load…
Oliver Salzburg
2
votes
0 answers

Cookies aren't being set/overwritten through nginx reverse proxy

For some reason, when I'm proxying my API request through an nginx reverse proxy, my cookies aren't being overwritten with the new values. I've tried adding the following to my nginx config, but I'm not seeing any changes. In this situation, I'm…
2
votes
1 answer

Conditionally serving high resolution and WebP images with nginx

Not sure if I'm trying to pull off the impossible, but I'm wanting to configure Nginx to serve ".webp" files to browsers that support the file format and serve fallback files (i.e. pngs, jpgs, etc.) to browsers that don't yet support the WebP…
kaffolder
1
vote
1 answer

How to protect against session hijacking in Flask

So, I'm developing a Flask web-app and I wanted to test its security since I've implemented the following: SSL Cert with cookies being securely transmitted; CSRF token to avoid CSRF attacks; Cookie validation, to avoid cookie modification; Cookie are…
1
vote
1 answer

Why HTACCESS RewriteCond %{HTTP_COOKIE} only for php and not working for html?

I was trying to redirect all direct access in my subfolder using this code RewriteEngine on RewriteCond %{HTTP_COOKIE} !user_cookie=[^;] RewriteRule .* http://webhost.org/ [R=301,L] I realise it was working only for PHP files but not for other…
MyFault
1
vote
0 answers

write condition if cookie doesn't exist not working

Ref: Correct way to block a site if a cookie isn't present apache 2.4 We followed the answer and it didn't work. We want to redirect to another page when the cookie does NOT exist (or contain the correct information). We've tried…
SWS
1
vote
1 answer

How to use a hyphen in cookie names for nginx?

I want to use the new cookie-prefixes, which are not yet standardized by the IETF. These are __Secure- and __Host-. So let's e.g. set this cookie (here the header returned by the server): Set-Cookie: "__Host-apple=yummy; Secure; HttpOnly; Path=/" I…
rugk
1
vote
2 answers

nginx -> serve different files using try_files based on cookies (conditions, if, then, else)

I need to configure an nginx server so that: If user has a specific cookie so the server must send a file, else the server must send another one. I read plenty of related articles, but nothing helped, also I know that there are some issues when…
kashesandr
1
vote
0 answers

HAproxy ACL based on backend application session cookie to replace HTTP Basic Auth

I would need some help on HAproxy configuration to bypass HTTP basic auth and let the user use a specific backend in case there is a valid session cookie present from another backend application. I got it working in general using the following…
1
vote
1 answer

How to enable/disable mod_deflate based on a cookie?

I would like to enable mod_deflate based on the presence and value of a certain cookie. I know it’s possible to do cookie manipulation and tests with mod_rewrite, but I’m not sure how to do that kind of stuff with mod_deflate. Is this possible at…
Mathias Bynens
1
vote
2 answers

Check HTTP cookie value with nginx using map directive

I need to perform a redirect depending on the client's IP and the value that has been set in the cookie by WPML Wordpress plugin. I prefer to use the map directive for this purpose. Excerpt of nginx.conf geoip_country…
Twissell