Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Next revision
Previous revision
Next revision Both sides next revision
litespeed_wiki:config:header-edit [2020/09/01 13:07]
Jackson Zhang created
litespeed_wiki:config:header-edit [2020/09/03 15:37] (current)
Jackson Zhang
Line 1: Line 1:
-====== Alternative ​way for Header ​"​edit"​ directive on LSWS ====== +====== ​LiteSpeed ​Alternative ​to Apache ​Header ​Edit ====== 
-LiteSpeed doesn'​t support ​the header ​"edit" ​directive ​hence the following directive won't work on LiteSpeed, which works on Apache.+ 
 +LiteSpeed doesn'​t support ​Apache'​s ​header ​''​edit'' ​directive, and so the following ​Apache ​directive won't work on LiteSpeed:
   Header always edit Set-Cookie (.*) "​$1;​HTTPOnly;​Secure"​   Header always edit Set-Cookie (.*) "​$1;​HTTPOnly;​Secure"​
-  ​ +===== ''​secure''​ ===== 
-What's the equivalent solution for LiteSpeed+This particular case, which involves patching Set-Cookie with a ''​secure''​ flag when served over HTTPS, is automatically handled by LiteSpeed ​Web Server as of v5.4.5, and so it is unnecessary to use a directive for that.
  
-For ''​secure'' ​flag, starting from LSWS 5.4.5, LiteSpeed Web Server will automatically patch Set-Cookie with ''​secure'' ​flag when served over HTTPS. +===== ''​HTTPOnly'' ​===== 
- +For ''​HTTPOnly''​ settings, you should be able to use ''​php.ini''​. For example: 
-For other cookie ​settings, you may try to make changes in php.ini, for example:+<​code>​
   session.cookie_httponly=On   session.cookie_httponly=On
 + </​code>​
 +
 +===== ''​SameSite''​=====
 +For ''​SameSite=none''​ attribute, there is no alternative way to do it on LiteSpeed at the time of this writing. It is better to be handled on the application level when the developer designs the site. 
  • Admin
  • Last modified: 2020/09/01 13:07
  • by Jackson Zhang