Differences
This shows you the differences between two versions of the page.
Both sides previous revision Previous revision | Next revision Both sides next revision | ||
litespeed_wiki:config:header-edit-set-cookie [2021/09/20 17:35] Jackson Zhang [ForceSecureCookie] |
litespeed_wiki:config:header-edit-set-cookie [2021/09/20 17:40] Jackson Zhang |
||
---|---|---|---|
Line 7: | Line 7: | ||
Let's look at the elements of the directive, and how to accomplish each with LSWS. | Let's look at the elements of the directive, and how to accomplish each with LSWS. | ||
- | |||
- | ===== Secure ===== | ||
- | The above example, which involves patching Set-Cookie with a ''secure'' flag when served over HTTPS, is automatically handled by LiteSpeed Web Server as of v5.4.5, and so it is unnecessary to use a directive for that. | ||
- | |||
- | ===== HTTPOnly ===== | ||
- | For ''HTTPOnly'' settings, you should be able to use ''php.ini''. For example: | ||
- | <code> | ||
- | session.cookie_httponly=On | ||
- | </code> | ||
===== ForceSecureCookie ===== | ===== ForceSecureCookie ===== | ||
Line 53: | Line 44: | ||
</code> | </code> | ||
+ | Notes: | ||
+ | * ''secure'' flag when served over HTTPS, is automatically handled by LiteSpeed Web Server as of v5.4.5, and so it is unnecessary to use a directive for that. | ||
+ | * HTTPOnly could also be set in ''php.ini''. For example: | ||
+ | <code> | ||
+ | session.cookie_httponly=On | ||
+ | </code> |