Forum Discussion
when HTTP_RESPONSE_RELEASE {
    # Get all values of the Set-Cookie headers
    set unsafe_cookie_headers [HTTP::header values "Set-Cookie"]
    # Remove the current unsafe Set-Cookie headers
    HTTP::header remove "Set-Cookie"
    foreach set_cookie_header $unsafe_cookie_headers {
        # Re-insert each Set-Cookie header as '<value>; Secure' so the cookie is marked Secure
        HTTP::header insert "Set-Cookie" "${set_cookie_header}; Secure"
    }
}
May 31, 2019
The client is not going to use the cookie tagged as "Secure" if the communication is through HTTP (unsecure).
REF - https://en.wikipedia.org/wiki/Secure_cookie
I would appreciate it if you rated my answer.
KR,
Dario.
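
A check for the output of a rewrite like the iRule above, as an added example that is not part of the original thread: it parses Set-Cookie values, lists the cookies that lack the Secure attribute, and appends the attribute only when it is absent. The function names and the sample headers are constructed for illustration.

```python
# Added example: audit Set-Cookie header values for the Secure attribute.
# All names here are hypothetical; SAMPLE_HEADERS is constructed test data.

def cookie_attributes(set_cookie_value):
    """Return the lower-cased attribute names that follow the name=value pair."""
    parts = set_cookie_value.split(";")[1:]  # element 0 is name=value
    return {p.split("=", 1)[0].strip().lower() for p in parts if p.strip()}


def has_secure(set_cookie_value):
    """True when Secure is present as an attribute (names are case-insensitive)."""
    return "secure" in cookie_attributes(set_cookie_value)


def add_secure(set_cookie_value):
    """Append '; Secure' only when it is absent, so repeated rewrites are harmless."""
    if has_secure(set_cookie_value):
        return set_cookie_value
    # Drop trailing whitespace and a dangling ';' before appending.
    return set_cookie_value.rstrip().rstrip(";") + "; Secure"


def audit(headers):
    """Return the names of cookies whose Set-Cookie value lacks Secure."""
    return [h.split("=", 1)[0].strip() for h in headers if not has_secure(h)]


# Constructed sample values, one per case worth checking.
SAMPLE_HEADERS = [
    "JSESSIONID=abc123; Path=/; HttpOnly",   # no Secure attribute
    "pref=secure; Path=/",                   # value "secure" is not the attribute
    "token=xyz; Path=/; secure; HttpOnly",   # attribute already set, lower case
    "lang=en; Path=/;",                      # trailing semicolon
]

if __name__ == "__main__":
    print("missing Secure before rewrite:", audit(SAMPLE_HEADERS))
    rewritten = [add_secure(h) for h in SAMPLE_HEADERS]
    for h in rewritten:
        print("Set-Cookie:", h)
    print("missing Secure after rewrite:", audit(rewritten))
```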