when you let an external redirect happen (where the
``<code>.www</code>'' part should not occur!).</dd>
- <dt>'<code>cookie|CO=</code><em>NAME</em>:<em>VAL</em>:<em>domain</em>[:<em>lifetime</em>[:<em>path</em>]]'
+ <dt>'<code>cookie|CO=</code><em>NAME</em>:<em>VAL</em>:<em>domain</em>[:<em>lifetime</em>[:<em>path</em>[:<em>secure</em>[:<em>httponly</em>]]]]'
(set cookie)</dt><dd>
This sets a cookie in the client's browser. The cookie's name
is specified by <em>NAME</em> and the value is
<em>VAL</em>. The <em>domain</em> field is the domain of the
cookie, such as '.apache.org', the optional <em>lifetime</em>
- is the lifetime of the cookie in minutes, and the optional
- <em>path</em> is the path of the cookie</dd>
+ is the lifetime of the cookie in minutes, and the optional
+ <em>path</em> is the path of the cookie. If <em>secure</em>
+ is set to 'true' or '1', the cookie is only transmitted via secured
+ connections. If <em>httponly</em> is set to any string, the
+ <code>HttpOnly</code> flag is used, making the cookie not accessible
+ to JavaScript code on browsers that support this feature.</dd>
<dt>
'<code>env|E=</code><em>VAR</em>:<em>VAL</em>'
projects / apache / blobdiff