id: 1339
summary: Missing Secure Attribute
reporter: prophesy604@…
owner:
type: enhancement
status: closed
priority: minor
milestone:
component: nginx-module
version: 1.11.x
resolution: fixed
keywords:
cc: osodani@… kpoonatar@… jburns@…

description:

One of our security requirements is that all cookies coming from our nginx server need to have the "Secure" flag set. We are using a module, ngx_http_userid_module, that sets a user cookie to track visitors. However, this cookie is not set with the Secure flag and the documentation does not have any information on how to force this module to set that user cookie (uid) as secure.

Documentation: http://nginx.org/en/docs/http/ngx_http_userid_module.html

Our configuration for this module in nginx.conf:

    userid on;
    userid_name uid;
    userid_domain none;
    userid_path /;
    userid_expires 365d;
    userid_p3p 'policyref="/w3c/p3p.xml", CP="CUR ADM OUR NOR STA NID"';

We need nginx support to help us determine if there is a way to mark the uid cookie set by this module as "Secure".

uname:

    [CDC\nmk5-su@astv-npin-nginx ~]$ uname -a
    Linux astv-npin-nginx 2.6.32-696.3.1.el6.x86_64 #1 SMP Thu Apr 20 11:30:02 EDT 2017 x86_64 x86_64 x86_64 GNU/Linux

nginx_version:

    [CDC\nmk5-su@astv-npin-nginx ~]$ nginx -V
    nginx version: nginx/1.11.5 (nginx-plus-r11)
    built by gcc 4.4.7 20120313 (Red Hat 4.4.7-17) (GCC)
    built with OpenSSL 1.0.1e-fips 11 Feb 2013
    TLS SNI support enabled
    configure arguments: --build=nginx-plus-r11 --prefix=/etc/nginx --sbin-path=/usr/sbin/nginx --modules-path=/usr/lib64/nginx/modules --conf-path=/etc/nginx/nginx.conf --error-log-path=/var/log/nginx/error.log --http-log-path=/var/log/nginx/access.log --pid-path=/var/run/nginx.pid --lock-path=/var/run/nginx.lock --http-client-body-temp-path=/var/cache/nginx/client_temp --http-proxy-temp-path=/var/cache/nginx/proxy_temp --http-fastcgi-temp-path=/var/cache/nginx/fastcgi_temp --http-uwsgi-temp-path=/var/cache/nginx/uwsgi_temp --http-scgi-temp-path=/var/cache/nginx/scgi_temp --user=nginx --group=nginx --with-compat --with-file-aio --with-threads --with-http_addition_module --with-http_auth_jwt_module --with-http_auth_request_module --with-http_dav_module --with-http_f4f_module --with-http_flv_module --with-http_gunzip_module --with-http_gzip_static_module --with-http_hls_module --with-http_mp4_module --with-http_random_index_module --with-http_realip_module --with-http_secure_link_module --with-http_session_log_module --with-http_slice_module --with-http_ssl_module --with-http_stub_status_module --with-http_sub_module --with-http_v2_module --with-mail --with-mail_ssl_module --with-stream --with-stream_realip_module --with-stream_ssl_module --with-stream_ssl_preread_module --with-cc-opt='-O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector --param=ssp-buffer-size=4 -m64 -mtune=generic'