2 Replies Latest reply on Apr 3, 2014 4:11 AM by marcodanti

    Sticky sessions and Set-Cookie HTTPOnly header

    marcodanti Newbie

      I ran into a situation where sticky session get apparently disabled when using set-cookie HTTPOnly:


      1. Without set-cookie, sticky sessions are working
      2. As soon as I insert "Header edit Set-Cookie ^(.*)$ $1;HttpOnly;Secure" (tried also with "Header set Set-Cookie HttpOnly;Secure") into httpd.conf, sticky sessions are not sticky anymore


      The configuration is :

      • HTTPD-2.4.6 with modcluster-1.3.1-SNAPSHOT working as reverse proxy
      • JBoss-AS-7.2.0.Final (with modcluster-1.2.6.Final) working as backend servers