Secure cookies in http mode

Discuss your pilot or production implementation with other Zimbra admins or our engineers.
Advanced member
Advanced member
Posts: 59
Joined: Thu Aug 07, 2014 12:02 pm

Secure cookies in http mode

Postby abatie » Thu Oct 12, 2017 12:45 am

I'm playing with a development cluster (8.7.11_GA_1854_RHEL7_64) and trying to set it to http mode for testing. I seem to be able to get it into http mode, however, when logging in, it sends a cookie with the Secure attribute:

Set-Cookie: ZM_TEST=true;Secure

As a result, the browser refuses to send the cookie back and the login page pops up a warning that I have cookies disabled. How do I get it to actually work in http mode?

To some extent, I'm glad it's proving very difficult to get it to work insecurely, but it's nuisance in a test environment...

Posts: 36
Joined: Fri Jul 08, 2016 7:41 am

Re: Secure cookies in http mode

Postby daniele.antolini » Wed Apr 18, 2018 2:08 pm

I've resolved the issue in this way:

1) Go via https to the login page (I've set BOTH mode)
2) Logout from session
3) Try to login via http

For me it works.
User avatar
Outstanding Member
Outstanding Member
Posts: 803
Joined: Mon Apr 18, 2016 8:18 pm
Location: Earth
ZCS/ZD Version: ZCS FLOSS - 8.7.11 Mutli servers

Re: Secure cookies in http mode

Postby DualBoot » Thu Apr 19, 2018 12:36 pm


this is a common problem with transferring cookie from proxy to store when HTTPS is enabled with SSL upstream.
Put redirect mode on proxy and both mode on store. This configuration should fix your problem.

Return to “Administrators”

Who is online

Users browsing this forum: patrickwilson82 and 18 guests