When I
$ curl --head https://myawesomeweb.app/login
As a response I've got:
HTTP/1.1 200 OK
Date: Fri, 12 Jun 2020 02:28:06 GMT
Server: Apache
ETag: "S0meEnc0d3dS7r1n9"
Cache-Control: max-age=0, private, must-revalidate
X-UA-Compatible: IE=Edge,chrome=1
X-Runtime: 0.013907
Set-Cookie: _session_id=S0meEnc0d3dS7r1n9; path=/; HttpOnly
Status: 200
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Set-Cookie: HttpOnly;Secure
Content-Type: text/html; charset=utf-8
Set-Cookie: SERVERID=; Expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/
Cache-control: private
The last Set-Cookie confuses me because of the expired date. My /etc/httpd/conf.d/security.conf's content is as follows:
Header set X-Frame-Options SAMEORIGIN
Header set X-XSS-Protection "1; mode=block"
Header set X-Content-Type-Options nosniff
Header set Set-Cookie "HttpOnly;Secure"
After searching for a while I know from here that there can be multiple "Set-Cookie" headers, and from here I know that sometimes it is OK to have a Set-Cookie with the expired 01-Jan-1970 00:00:01 date-time. The question is: where can I configure Set-Cookie to avoid the last one, or set it with a proper expiry date?
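As an added example (not part of the original post), the following Python sketch audits the three Set-Cookie values from the response above. It separates a normal cookie from a header that carries only attribute names and from a cookie whose Expires date is in the past, which is how a server asks the client to remove a cookie. The function names `audit_set_cookie` and `audit` are hypothetical.

```python
from datetime import datetime, timezone
from email.utils import parsedate_to_datetime

# Set-Cookie values copied from the response shown in the post.
SAMPLE = [
    "_session_id=S0meEnc0d3dS7r1n9; path=/; HttpOnly",
    "HttpOnly;Secure",
    "SERVERID=; Expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/",
]

def audit_set_cookie(value, now=None):
    """Classify one Set-Cookie value as set, deletion or malformed."""
    now = now or datetime.now(timezone.utc)
    parts = [p.strip() for p in value.split(";") if p.strip()]
    first = parts[0] if parts else ""
    if "=" not in first:
        # Attribute names sent as a header of their own: no cookie is
        # defined, and no other cookie gains these flags.
        return {"name": None, "kind": "malformed",
                "findings": ["no name=value pair"]}
    name = first.partition("=")[0]
    attrs = {}
    for part in parts[1:]:
        key, _, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip()
    expired = False
    if "expires" in attrs:
        try:
            expired = parsedate_to_datetime(attrs["expires"]) <= now
        except (TypeError, ValueError):
            expired = False  # unparseable date: treat as not expired
    if expired:
        # An Expires date in the past tells the client to drop the cookie.
        return {"name": name, "kind": "deletion",
                "findings": ["expires in the past"]}
    findings = []
    if "secure" not in attrs:
        findings.append("missing Secure")
    if "httponly" not in attrs:
        findings.append("missing HttpOnly")
    return {"name": name, "kind": "set", "findings": findings}

def audit(headers):
    """Audit every Set-Cookie value of one response."""
    return [audit_set_cookie(h) for h in headers]

if __name__ == "__main__":
    for result in audit(SAMPLE):
        print(result)
```

Run against the post's response, this reports `_session_id` as still missing `Secure`, the `HttpOnly;Secure` line as malformed, and `SERVERID` as a deletion.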