On Sat, Nov 19, 2016 at 01:08:24PM -0800, Gerard Mattison wrote:

Hi there,

> One of the issues I'm having is that when I ran a vulnerability assessment,
> the "route" cookie is coming up as not secure.

It looks like the cookie should be secure.

Is there any chance that you used this browser to access this server;
then reconfigured the server to add the "secure" options and reloaded
the config; and then refreshed the page in the browser?

If so, that would explain it -- you have to arrange that the browser
removes the previous session cookie (for example, by closing the browser
or just by deleting the cookie). If the browser presents a cookie,
the server will not send a new one.

And it is only the new one that will be marked "Secure" or not.

Good luck with it,

        f
-- 
Francis Daly        [email protected]

_______________________________________________
nginx mailing list
[email protected]
http://mailman.nginx.org/mailman/listinfo/nginx
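
An added example, not part of the original message: an offline sketch of the check the reply describes, showing why only a response to a request made without the old cookie says anything about the "Secure" flag. The response headers and cookie values are constructed samples, and the function names are hypothetical.

```python
# Constructed sample responses (not captured from a real server).
# 1) Client presented its old "route" cookie: the server issues no new one.
STALE_JAR = "HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\n"
# 2) Client sent no cookie, server already reconfigured: new cookie is marked Secure.
CLEAN_JAR = ("HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n"
             "Set-Cookie: route=example-value-2; Path=/; Secure\r\n\r\n")
# 3) Client sent no cookie, server not yet reconfigured: new cookie lacks Secure.
BEFORE_FIX = ("HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n"
              "Set-Cookie: route=example-value-1; Path=/\r\n\r\n")


def set_cookie_attrs(raw_headers, name):
    """Return the lower-cased attribute names of the Set-Cookie header for
    `name`, or None if the response does not set that cookie at all."""
    for line in raw_headers.split("\r\n")[1:]:   # skip the status line
        if not line:                             # blank line ends the headers
            break
        field, _, value = line.partition(":")
        if field.strip().lower() != "set-cookie":
            continue
        parts = [p.strip() for p in value.split(";")]
        if parts[0].partition("=")[0] == name:
            return {p.partition("=")[0].lower() for p in parts[1:] if p}
    return None


def verdict(raw_headers, name="route"):
    """Classify one response: 'not-issued' means no new cookie was sent, so
    the client keeps whatever flags its previously stored cookie had."""
    attrs = set_cookie_attrs(raw_headers, name)
    if attrs is None:
        return "not-issued"
    return "secure" if "secure" in attrs else "insecure"


if __name__ == "__main__":
    for label, resp in [("stale jar", STALE_JAR), ("clean jar", CLEAN_JAR),
                        ("before fix", BEFORE_FIX)]:
        print(label, "->", verdict(resp))
```

A "not-issued" result means the test has to be repeated after the stored cookie is deleted; it does not say whether the configuration is correct.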
