Is it possible to modify cookies when using nginx as a reverse proxy similar to what Set-Cookie does in apache?
I have a web application that sets session cookies and I wish to append the HttpOnly flag to them before they are served by nginx. Unfortunatly I cannot modify the source code of the application to do it there.
Best Answer
You can always use
add_header
to add one, but even if you parse cookies coming down from backend looking at thehttp_cookie
variable, you won't be able to modify them using vanilla nginx.What you could use however is the 3rd-party Lua module. The link provided by Kyle Sith has an answer containg a small code snippet manipulating cookies (https://serverfault.com/a/448887/140131).