id	summary	reporter	owner	description	type	status	priority	milestone	component	version	resolution	keywords	cc	uname	nginx_version
1339	Missing Secure Attribute	prophesy604@…		"One of our security requirements is that all cookies coming from our nginx server need to have the ""Secure"" flag set.

We are using a module, ngx_http_userid_module, that sets a user cookie to track visitors. However, this cookie is not set with the Secure flag and the documentation does not have any information on how to force this module to set that user cookie (uid) as secure.

Documentation:
http://nginx.org/en/docs/http/ngx_http_userid_module.html

Our configuration for this module in nginx.conf:

userid on;
userid_name uid;
userid_domain none;
userid_path /;
userid_expires 365d;
userid_p3p 'policyref=""/w3c/p3p.xml"", CP=""CUR ADM OUR NOR STA NID""';

We need nginx support to help us determine if there is a way to mark the uid cookie set by this module as ""Secure"".
"	enhancement	closed	minor		nginx-module	1.11.x	fixed		osodani@… kpoonatar@… jburns@…	"[CDC\nmk5-su@astv-npin-nginx ~]$ uname -a
Linux astv-npin-nginx 2.6.32-696.3.1.el6.x86_64 #1 SMP Thu Apr 20 11:30:02 EDT 2017 x86_64 x86_64 x86_64 GNU/Linux
"	"[CDC\nmk5-su@astv-npin-nginx ~]$ nginx -V
nginx version: nginx/1.11.5 (nginx-plus-r11)
built by gcc 4.4.7 20120313 (Red Hat 4.4.7-17) (GCC)
built with OpenSSL 1.0.1e-fips 11 Feb 2013
TLS SNI support enabled
configure arguments: --build=nginx-plus-r11 --prefix=/etc/nginx --sbin-path=/usr/sbin/nginx --modules-path=/usr/lib64/nginx/modules --conf-path=/etc/nginx/nginx.conf --error-log-path=/var/log/nginx/error.log --http-log-path=/var/log/nginx/access.log --pid-path=/var/run/nginx.pid --lock-path=/var/run/nginx.lock --http-client-body-temp-path=/var/cache/nginx/client_temp --http-proxy-temp-path=/var/cache/nginx/proxy_temp --http-fastcgi-temp-path=/var/cache/nginx/fastcgi_temp --http-uwsgi-temp-path=/var/cache/nginx/uwsgi_temp --http-scgi-temp-path=/var/cache/nginx/scgi_temp --user=nginx --group=nginx --with-compat --with-file-aio --with-threads --with-http_addition_module --with-http_auth_jwt_module --with-http_auth_request_module --with-http_dav_module --with-http_f4f_module --with-http_flv_module --with-http_gunzip_module --with-http_gzip_static_module --with-http_hls_module --with-http_mp4_module --with-http_random_index_module --with-http_realip_module --with-http_secure_link_module --with-http_session_log_module --with-http_slice_module --with-http_ssl_module --with-http_stub_status_module --with-http_sub_module --with-http_v2_module --with-mail --with-mail_ssl_module --with-stream --with-stream_realip_module --with-stream_ssl_module --with-stream_ssl_preread_module --with-cc-opt='-O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector --param=ssp-buffer-size=4 -m64 -mtune=generic'
"