* Allow HttpOnly, 1 and true to enable HttpOnly, allow secure, 1 and true

  to enable secure.

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@664330 13f79535-47bb-0310-9956-ffa450edef68

diff --git a/docs/manual/mod/mod_rewrite.xml b/docs/manual/mod/mod_rewrite.xml
index c9e4fa0af152b9a9f856229c01925274fa6994d1..2a66f4d3319b19d5ae522f6b4347cddf40c0fad0 100644 (file)
--- a/docs/manual/mod/mod_rewrite.xml
+++ b/docs/manual/mod/mod_rewrite.xml
@@ -1259,8 +1259,8 @@ cannot use <code>$N</code> in the substitution string!
         cookie, such as '.apache.org', the optional <em>lifetime</em>
         is the lifetime of the cookie in minutes, and the optional 
         <em>path</em> is the path of the cookie. If <em>secure</em>
-        is set to 'true' or '1', the cookie is only transmitted via secured
-        connections. If <em>httponly</em> is set to 'true' or '1', the
+        is set to 'secure', 'true' or '1', the cookie is only transmitted via secured
+        connections. If <em>httponly</em> is set to 'HttpOnly', 'true' or '1', the
         <code>HttpOnly</code> flag is used, making the cookie inaccessible
         to JavaScript code on browsers that support this feature.</dd>
 

diff --git a/modules/mappers/mod_rewrite.c b/modules/mappers/mod_rewrite.c
index 4abf898db624decbb5a901d75e45df36e0d2c00f..10e50dd9bf9b0a15ce02a67d6cc6b7e59b59b73d 100644 (file)
--- a/modules/mappers/mod_rewrite.c
+++ b/modules/mappers/mod_rewrite.c
@@ -2493,10 +2493,14 @@ static void add_cookie(request_rec *r, char *s)
                                  expires ? "; expires=" : NULL,
                                  expires ? exp_time : NULL,
                                  (secure && (!strcasecmp(secure, "true")
-                                             || !strcasecmp(secure, "1"))) ?
+                                             || !strcmp(secure, "1")
+                                             || !strcasecmp(secure,
+                                                            "secure"))) ?
                                   "; secure" : NULL,
                                  (httponly && (!strcasecmp(httponly, "true")
-                                               || !strcasecmp(httponly, "1"))) ?
+                                               || !strcmp(httponly, "1")
+                                               || !strcasecmp(httponly,
+                                                              "HttpOnly"))) ?
                                   "; HttpOnly" : NULL,
                                  NULL);