Secure cookie with HttpOnly and Secure in Apache Ubuntu

By -

 This is a new security feature introduced by Microsoft in IE 6 SP1 to mitigate the possibility of a successful Cross-Site scripting attack by not allowing cookies with the HTTP only attribute to be accessed via client-side scripts.

We can mitigate most common XSS attacks in our web application using HttpOnly and Secure flag with cookie.

Implementation Procedure in Apache2

  • Ensure that mod_headers.so are enabled in Apache HTTP server
  • Add below line in httpd.conf 
          Header edit Set-Cookie ^(.*)$ $1;HttpOnly;Secure
  • Restart Apache HTTP server to test ( sudo systemctl restart apache2 )

Note: You can check either leverage the browser’s inbuilt developer tools to check the response header or use an online tool.

Comments

Post a Comment

Popular posts from this blog

Apexcharts not re-render after ajax call - Solved

By -
  render() method just once in the beginning even with empty array, then call the updateSeries() method in ajax call to update data of the chart. var options = { series: [{   name: 'Completed trips',   data: [] }, {   name: 'Cancelled trips',   data: [] }], chart: {   height: 350,   type: 'bar',   toolbar: { show: false },   zoom: { enabled: false } }, plotOptions: {   bar: { horizontal: false, columnWidth: '55%', endingShape: 'rounded'   }, }, dataLabels: { enabled: false }, stroke: {   show: true,   width: 2,   colors: ['transparent'] }, fill: { colors: ['#ffc074', '#6e6e6e'] }, markers: { colors:  ['#ffc074', '#6e6e6e'] }, legend: {   markers: { fillColors: ['#ffc074', '#6e6e6e'] } }, noData: { text: 'Loading...'}, xaxis: {   categories: ['Jan','Feb', 'Mar', 'Apr', 'May...
Read more

Redirect http to https in codeigniter

By -
Follow below steps to redirect you non-http site to https without using .htaccess Change Configuration: go to application/config/config.php and enable hooks to true              $config['enable_hooks'] = TRUE; Create new file hooks.php if not exist other wise open file and paste code           $hook['post_controller_constructor'][] = array(                                 'function' => 'redirect_ssl',                                 'filename' => 'ssl.php',                                 'filepath' => 'hooks'                                 ); Now create a new folder hooks if ...
Read more