cookie-flag: NGINX cookie flag module
Debian/Ubuntu installation
These docs apply to the APT package nginx-module-cookie-flag provided by the GetPageSpeed Extras repository.
- Configure the APT repository as described in APT repository setup.
- Install the module:
sudo apt-get update
sudo apt-get install nginx-module-cookie-flag
Show suites and architectures
| Distro | Suite | Component | Architectures |
|----------|-------------------|-------------|-----------------|
| debian | bookworm | main | amd64, arm64 |
| debian | bookworm-mainline | main | amd64, arm64 |
| debian | trixie | main | amd64, arm64 |
| debian | trixie-mainline | main | amd64, arm64 |
| ubuntu | focal | main | amd64, arm64 |
| ubuntu | focal-mainline | main | amd64, arm64 |
| ubuntu | jammy | main | amd64, arm64 |
| ubuntu | jammy-mainline | main | amd64, arm64 |
| ubuntu | noble | main | amd64, arm64 |
| ubuntu | noble-mainline | main | amd64, arm64 |
The Nginx module for adding cookie flag
Synopsis
location / {
set_cookie_flag Secret HttpOnly secure SameSite;
set_cookie_flag * HttpOnly;
set_cookie_flag SessionID SameSite=Lax secure;
set_cookie_flag SiteToken SameSite=Strict;
}
Description
This module for Nginx allows to set the flags "HttpOnly", "secure" and "SameSite" for cookies in the "Set-Cookie" response headers. The register of letters for the flags doesn't matter as it will be converted to the correct value. The order of cookie declaration among multiple directives doesn't matter too. It is possible to set a default value using symbol "*". In this case flags will be added to the all cookies if no other value for them is overriden.
Directives
set_cookie_flag
| - | - |
|---|---|
| Syntax | set_cookie_flag \<cookie_name|*> [HttpOnly] [secure] [SameSite|SameSite=[Lax|Strict]]; |
| Default | - |
| Context | server, location |
Description: Add flag to desired cookie.