Apache mod_headers: can't edit set-cookie header

Question

I'm trying to modify domain for which the cookie is valid with mod_headers:

From: ipa_session=e88331a44e20d8b5caaacb0e896029fe; Domain=internal.example.com; Path=/ipa; Expires=Tue, 13 Dec 2016 09:31:33 GMT; Secure; HttpOnly

To:ipa_session=e88331a44e20d8b5caaacb0e896029fe; Domain=example.com; Path=/ipa; Expires=Tue, 13 Dec 2016 09:31:33 GMT; Secure; HttpOnly

Mod-headers is working well, these rules work:

Header set "something" "something"
Header edit "something" "something" "somethingdifferent"

But editing "Set-Cookie" header just does nothing:

Header edit "Set-Cookie" "Domain=internal.example.com" "Domain=example.com"

Apache syntax is OK, but the rule just does nothing.

Apache package version: 2.4.18-2ubuntu3.1

score 5 · Answer 1 · answered Mar 19 '20 at 22:47

Adding to Misko's response (because my account is too new to comment) the Apache docs say that the response headers come out of TWO sets of internal tables. Thus "always" is required for some things to work, and an absence of "always" is required for others to work. In my case, Ubuntu 18.04, Apache 2.4.29 I had to remove "always" for the headers to be edited coming out of PHP 7.2.

The docs seem to suggest you can have both directives to cover all bases but I have not tested that.

Yes I can confirm this. I had to remove the "always" after moving my website to another server. — fishbone, May 13 '20 at 09:45

score 4 · Answer 2 · answered Dec 13 '16 at 11:14

4

One has to add always before edit

Header always edit "Set-Cookie" "Domain=internal.example.com" "Domain=example.com"

For my instance, I used edit* as well (replaces all occurrences)

answered Dec 13 '16 at 11:14

Misko

1,542
2
19
31

Apache mod_headers: can't edit set-cookie header

2 Answers2