
How to Set SameSite Cookies in Apache Web Server

SameSite is a cookie attribute that tells the browser not to send the cookie on requests that originate from another site. That is a defence against cross-site request forgery (CSRF), not against XSS. It is normally set together with two older attributes: HttpOnly, which keeps the cookie out of reach of JavaScript (an XSS payload cannot read it through document.cookie), and Secure, which stops the browser from sending it over plain HTTP. Without these attributes, an attacker who can run script on your site or observe its traffic can steal session cookies, and any other site can make a visitor's browser send them. In this article, we will look at how to set SameSite cookies in Apache web server by rewriting the Set-Cookie headers with mod_headers.



Apache can add the attributes to every Set-Cookie header it sends, so no change to the application is needed. The directives below rely on the mod_headers module, which must be loaded; on Debian and Ubuntu it is shipped but not enabled by default.


1. Open Apache configuration file

Open terminal and run the following command to open Apache configuration file.

$ sudo vi /etc/httpd/conf/httpd.conf

It may also be located at any of the following locations depending on your installation. The directives also work inside a <VirtualHost> or <Directory> block, and in .htaccess where AllowOverride FileInfo is permitted, which lets you limit the change to one site.

  • /etc/apache2/httpd.conf
  • /etc/apache2/apache2.conf
  • /etc/httpd/httpd.conf



2. Enable SameSite cookies

Add the following line to your Apache configuration file, depending on its version. The Header edit form, available from Apache 2.2.4, appends the three attributes to every Set-Cookie header that Apache sends. Three caveats before you copy it:

  • SameSite=Strict withholds the cookie even on a plain top-level navigation from another site (a link in an email, a link from another domain), so users arriving that way appear logged out. Use SameSite=Lax if that matters for your site; Lax still blocks the cross-site POSTs that CSRF relies on.
  • Secure makes browsers refuse to send the cookie over plain HTTP, so the site must be served over HTTPS.
  • The regex is applied blindly: if the application already sets one of the attributes, it is appended a second time. Also, Header without the always keyword only touches Apache's default header table; cookies set by CGI or PHP scripts, and cookies on redirects and error responses, live in the separate "always" table and are missed unless the directive is repeated as Header always edit.

Apache >= 2.2.4

Header edit Set-Cookie ^(.*)$ $1;HttpOnly;Secure;SameSite=Strict

Apache < 2.2.4

Header set Set-Cookie HttpOnly;Secure;SameSite=Strict

Do not use this form. Versions before 2.2.4 have no Header edit, and Header set does something quite different from editing: it replaces the whole Set-Cookie header, so the application's cookies are thrown away and a nameless, valueless cookie is sent instead. On these versions set the attributes in the application itself, or upgrade Apache (the 2.2 branch has been unsupported since 2017).

Save and close the file.



3. Restart Apache Web Server

Check the configuration syntax first (apachectl configtest), then restart or reload Apache to apply the change. On Debian and Ubuntu the service is called apache2; on Red Hat based systems it is httpd.

$ sudo service apache2 restart



4. Test SameSite cookies

Check the response headers yourself rather than handing your site's cookies to an online tool: a request with curl -I, or the Network tab of the browser developer tools, shows the Set-Cookie headers, and each one should now carry HttpOnly; Secure; SameSite=Strict. Test a page that actually sets a cookie (the login page, or any page that starts a session), and test a redirect and an error page as well, because those are the responses that Header without always leaves untouched.
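Steps 1 to 4 as one runnable script, added here as an example; it is not code from the original article. The mod_headers snippet it prints is a stricter version of the one-line directive above: each attribute is added only when the cookie does not already carry it (a PCRE negative lookahead, which Apache's regex engine supports), and each directive is repeated with always so that cookies set by PHP/CGI scripts and on redirects are covered. The check function does what step 4 asks for without an online tool. The paths (/etc/apache2/conf-available, the a2enmod/a2enconf helpers) assume a Debian/Ubuntu layout, https://example.com stands in for your site, and the sample response headers are constructed, not captured from a real server.

```shell
#!/bin/sh
# Added example, not from the original article: install a hardened
# mod_headers snippet (steps 1-3) and verify the Set-Cookie attributes (step 4).
# Assumptions: Debian/Ubuntu layout (/etc/apache2/conf-available, a2enmod,
# a2enconf) and https://example.com as the site under test.

# Print the mod_headers directives. Each one adds an attribute only when the
# Set-Cookie header does not already contain it (negative lookahead), so an
# application that already sends SameSite=Lax does not get a second,
# conflicting SameSite attribute. Every directive is repeated with "always"
# because cookies set by CGI/PHP scripts and cookies on redirects or error
# responses live only in Apache's "always" header table.
print_samesite_conf() {
cat <<'EOF'
<IfModule mod_headers.c>
    Header edit        Set-Cookie "(?i)^((?:(?!; *HttpOnly).)*)$"  "$1; HttpOnly"
    Header edit        Set-Cookie "(?i)^((?:(?!; *Secure).)*)$"    "$1; Secure"
    Header edit        Set-Cookie "(?i)^((?:(?!; *SameSite=).)*)$" "$1; SameSite=Strict"
    Header always edit Set-Cookie "(?i)^((?:(?!; *HttpOnly).)*)$"  "$1; HttpOnly"
    Header always edit Set-Cookie "(?i)^((?:(?!; *Secure).)*)$"    "$1; Secure"
    Header always edit Set-Cookie "(?i)^((?:(?!; *SameSite=).)*)$" "$1; SameSite=Strict"
</IfModule>
EOF
}

# Step 4 check: read raw response headers (for example from `curl -sI`) on
# stdin and print one line per Set-Cookie header, flagging any that lacks
# HttpOnly, Secure, or SameSite=Strict/Lax. SameSite=None is deliberately
# reported as missing: it is the value that allows cross-site sending.
# Returns 0 when every cookie carries all three, 1 otherwise.
check_set_cookie() {
    grep -i '^Set-Cookie:' | tr -d '\r' | (
        bad=0
        seen=0
        while IFS= read -r line; do
            seen=$((seen + 1))
            cookie=${line#*:}      # drop the "Set-Cookie:" name
            cookie=${cookie# }     # and the space after the colon
            missing=""
            printf '%s' "$cookie" | grep -Eiq ';[[:space:]]*HttpOnly([[:space:]]*;|[[:space:]]*$)' \
                || missing="$missing HttpOnly"
            printf '%s' "$cookie" | grep -Eiq ';[[:space:]]*Secure([[:space:]]*;|[[:space:]]*$)' \
                || missing="$missing Secure"
            printf '%s' "$cookie" | grep -Eiq ';[[:space:]]*SameSite=(Strict|Lax)([[:space:]]*;|[[:space:]]*$)' \
                || missing="$missing SameSite=Strict/Lax"
            if [ -n "$missing" ]; then
                printf 'MISSING%s: %s\n' "$missing" "$cookie"
                bad=1
            else
                printf 'OK: %s\n' "$cookie"
            fi
        done
        [ "$seen" -gt 0 ] || echo "no Set-Cookie headers in input"
        exit "$bad"
    )
}

# Constructed sample response (not captured from a real server): the session
# cookie is hardened, the preferences cookie lacks Secure and SameSite.
SAMPLE_HEADERS='HTTP/1.1 200 OK
Set-Cookie: PHPSESSID=abc123; path=/; HttpOnly; Secure; SameSite=Strict
Set-Cookie: prefs=dark; path=/; HttpOnly
Content-Type: text/html; charset=UTF-8'

# Install the snippet (commented out: needs root and an Apache install):
#   sudo a2enmod headers
#   print_samesite_conf | sudo tee /etc/apache2/conf-available/samesite.conf
#   sudo a2enconf samesite && sudo apachectl configtest && sudo systemctl reload apache2
# Live check against the assumed host (needs network):
#   curl -sI https://example.com/login | check_set_cookie

# Offline run on the constructed sample: one line per cookie, exit status 1
# because the prefs cookie is not hardened.
if printf '%s\n' "$SAMPLE_HEADERS" | check_set_cookie; then
    echo "all cookies carry HttpOnly, Secure and SameSite"
else
    echo "at least one cookie needs attention"
fi
```

Run the live check against the login page and against a URL that redirects (a protected page while logged out is usually enough); a cookie reported as missing attributes on the redirect but not on the normal page is the sign that the always variant of the directive is absent.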


With these attributes in place the browser keeps the session cookie away from scripts (HttpOnly), sends it only over HTTPS (Secure) and withholds it from cross-site requests (SameSite), which blunts cookie theft through XSS and blocks cross-site request forgery. They do not remove an XSS bug itself: injected script can still act on the page in the victim's session, so they complement output encoding and a Content-Security-Policy rather than replace them.


