How to add Httponly and Secure attributes to HTTP cookies (for 11.5.x)
when HTTP_RESPONSE { set setckval [HTTP::header values "Set-Cookie"] HTTP::header remove "Set-Cookie" foreach cookie1 $setckval { set cookie1 [string trimright [string trimright $cookie1] ";"] set list1 [lrange [split $cookie1 ";"] 1 end] set hasHttpOnly false if { $httpsVs } { set hasSecure false} else { set hasSecure true } foreach item1 $list1 { set titem1 [string tolower [string trim $item1]] if { ($titem1 eq "httponly") or ($titem1 starts_with "httponly=") } { set hasHttpOnly true } if { ($titem1 eq "secure") or ($titem1 starts_with "secure=")} { set hasSecure true } } if { not $hasHttpOnly } { set cookie1 "${cookie1}; Httponly" } if { not $hasSecure } { set cookie1 "${cookie1}; Secure" } HTTP::header insert "Set-Cookie" $cookie1 } }