apache 2.2.2 会话cookie配置httponly属性
最近修复客户问题,架构大概2台linux服务器,前台服务器(apache2.2.2反向代理)处理外网请求,转发给后台服务器(tomcat7+java web程序)。现在问题是访问前台服务器网页,会话cookie没有httponly属性。本人通过在httpd conf中Header set Set-Cookie HttpOnly;Secure 以及修改tomcat 7配置都没生效。求大神帮忙看看,提供解决办法,谢谢。
<IFModule mod_headers.c>
Header add Access-Control-Allow-Origin http://192.168.2.105:8080/xxxx
</IFModule>
#
# Each directory to which Apache has access can be configured with respect
# to which services and features are allowed and/or disabled in that
# directory (and its subdirectories).
#
# First, we configure the "default" to be a very restrictive set of
# features.
#
<Directory />
Options FollowSymLinks
AllowOverride None
Header set Access-Control-Allow-Origin http://192.168.2.105:8080/xxxxx
注:个人少发贴所以分数不多,多多包涵。