LiteSpeed Alternative to Apache Header Edit
LiteSpeed doesn't support Apache's header edit
directive, and so the following Apache directive won't work on LiteSpeed:
Header always edit Set-Cookie (.*) "$1;HTTPOnly;Secure"
''secure''
This particular case, which involves patching Set-Cookie with a secure
flag when served over HTTPS, is automatically handled by LiteSpeed Web Server as of v5.4.5, and so it is unnecessary to use a directive for that.
''HTTPOnly''
For HTTPOnly
settings, you should be able to use php.ini
. For example:
session.cookie_httponly=On
''SameSite''
For SameSite=none
attribute, there is no alternative way to do it on LiteSpeed at the time of this writing. It is better to be handled on the application level when the developer designs the site.