Bobcares

Add Secure Flag To Cookie NGINX | An Easy Method

by | Sep 6, 2022

Let’s look at how to add a secure flag to a cookie for NGINX. As part of our Server Management Services, Bobcares provides answers to all of your questions.

How to add a secure flag to a cookie for NGINX?

If the application is served over an SSL connection, its cookies should be secured as well. We can do this with the Secure and HttpOnly flags. The Secure flag tells the browser to send the cookie only over HTTPS. All cookies have the HttpOnly flag set to true, with the exception of the CSRF cookie. This means that scripting languages like JavaScript won't be able to access the cookie.


Reconfigure the nginx_cookie_flag Module in the Nginx Web Server

This method uses the nginx_cookie_flag_module, which has to be compiled into the Nginx web server. Build Nginx with the following configure option to make the module available:

--add-module=/path/to/nginx_cookie_flag_module

After building Nginx with the above module, add the following line to the location or server block in the appropriate configuration file. The directive takes a cookie name, or * for all cookies, before the flags:

set_cookie_flag * secure;

nginx_cookie_flag_module

This Nginx module sets the "HttpOnly", "secure", and "SameSite" cookie flags in the "Set-Cookie" upstream response headers. The letter case of the flags does not matter, because the module converts them to the correct value. The order in which different directives declare their cookies does not matter either. The symbol "*" sets a default value: its flags are added to all cookies unless another directive overrides them.

Syntax:

set_cookie_flag <cookie_name|*> [HttpOnly] [secure] [SameSite|SameSite=[Lax|Strict]];

Compatibility:

1.11.x

Installation:

1. Firstly, clone the git repository.

git clone https://github.com/AirisX/nginx_cookie_flag_module.git

2. Then add the module to the build configuration by passing --add-module=/path/to/nginx_cookie_flag_module (static build) or --add-dynamic-module=/path/to/nginx_cookie_flag_module (dynamic module) to ./configure.

3. Now build the nginx binary.

4. Finally, install the nginx binary.

Synopsis:

location / {
    set_cookie_flag Secret HttpOnly secure SameSite;
    set_cookie_flag * HttpOnly;
    set_cookie_flag SessionID SameSite=Lax secure;
    set_cookie_flag SiteToken SameSite=Strict;
}

Reconfigure proxy_cookie_path in Nginx Web Server

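Another option for Nginx is the proxy_cookie_path directive in ssl.conf or default.conf. It rewrites the path attribute of Set-Cookie headers in proxied responses, so the replacement below appends Secure to every cookie whose path begins with /: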

proxy_cookie_path / "/; Secure";
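
To confirm that either method took effect, check the Set-Cookie headers the client actually receives. The script below is an added example, not part of the original article or of the module's code: it reads response headers on stdin (for instance from curl -sI) and lists each cookie that lacks Secure or HttpOnly. The function names and the sample headers are constructed for illustration, and the sample assumes a cookie with no Path attribute passes through proxy_cookie_path unchanged.

```shell
#!/bin/sh
# Added example: report cookies in HTTP response headers that lack Secure or HttpOnly.
# Typical use: curl -sI https://your-site.example/ | missing_cookie_flags

missing_cookie_flags() {
    # Reads raw response headers on stdin; prints "<cookie>: missing <flags>" per offender.
    tr -d '\r' | awk '
        tolower($0) ~ /^set-cookie:/ {
            line = $0
            sub(/^[^:]*:[ \t]*/, "", line)      # drop the header name
            n = split(line, part, ";")          # part[1] is name=value, the rest are attributes
            name = part[1]; sub(/=.*/, "", name)
            secure = 0; httponly = 0
            for (i = 2; i <= n; i++) {
                attr = tolower(part[i])         # attribute names are case-insensitive
                gsub(/^[ \t]+|[ \t]+$/, "", attr)
                if (attr == "secure")   secure = 1
                if (attr == "httponly") httponly = 1
            }
            missing = ""
            if (!secure)   missing = missing " Secure"
            if (!httponly) missing = missing " HttpOnly"
            if (missing != "") print name ": missing" missing
        }'
}

# Constructed sample of what a client might see behind
#   proxy_cookie_path / "/; Secure";
# SessionID carried Path=/ upstream and was rewritten. prefs has no Path attribute,
# so the directive had nothing to replace. csrftoken is deliberately left without
# HttpOnly, matching the CSRF-cookie exception mentioned in the article.
sample_headers() {
    printf '%s\r\n' \
        'HTTP/1.1 200 OK' \
        'Set-Cookie: SessionID=abc123; Path=/; Secure; HttpOnly' \
        'Set-Cookie: prefs=dark; HttpOnly' \
        'set-cookie: csrftoken=xyz; path=/; secure; SameSite=Lax' \
        'Content-Type: text/html'
}

sample_headers | missing_cookie_flags
```

Any cookie the script lists other than an intentionally script-readable CSRF cookie needs its own set_cookie_flag rule or a fix in the upstream application.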


Conclusion

In this article, we have seen the steps from our Tech team to add the secure flag to a cookie in NGINX.
