Dave_Pisarek
Apr 29, 2021

Adding http only / secure flags to TS cookies per policy

Since it is a global change to add flags to the TS or ASM cookie, I am guessing that adding it to a specific policy rather than globally would involve an iRule. Below is a rule that seems wou...
  • spalande
    May 01, 2021

    Hi Dave, it appears you are using the iRule from the discussion. It was used to add those attributes to all cookies and skip some selected cookies, which were chosen in the switch statement.

    If you want to add secure/httponly attributes only for ASM TS cookies but keep other session/application cookies unchanged, you can try using the simpler version of the iRule below. This can be applied to the 8443 ASM VIP. This should work on any version above 11.x.

    Reference: https://support.f5.com/csp/article/K11324

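    when HTTP_RESPONSE_RELEASE {
      # Walk every cookie set on the response
      foreach cookielist [HTTP::cookie names] {
        switch -glob [string tolower $cookielist] {
          "ts*" {
            # ASM TS cookie: add the Secure and HttpOnly attributes
            HTTP::cookie secure $cookielist enable
            HTTP::cookie httponly $cookielist enable
          }
          default {
            # Any other cookie is left unchanged; keep looping so a TS
            # cookie that follows a non-TS cookie is still processed
          }
        }
      }
    }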
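
A client-side check of the result, as an added example that is not part of the thread or F5's own code: this Python script parses `Set-Cookie` headers and reports any cookie matching the iRule's `ts*` pattern that still lacks `Secure` or `HttpOnly`. The header lines, cookie names and function names are constructed for illustration.

```python
# Constructed sample: Set-Cookie headers as a client might receive them from
# the virtual server (cookie names and values are made up for illustration).
SAMPLE_HEADERS = [
    "Set-Cookie: JSESSIONID=abc123; Path=/",
    "Set-Cookie: TS01a2b3c4=0123abcd; Path=/; Secure; HttpOnly",
    "Set-Cookie: TS01a2b3c4028=89efcdab; Path=/; HttpOnly",
    "set-cookie: ts9f8e7d6c=deadbeef; Path=/; Domain=example.test",
]

REQUIRED = ("secure", "httponly")


def parse_set_cookie(line):
    """Return (cookie name, set of lower-cased attribute names) or None."""
    field, sep, value = line.partition(":")
    if not sep or field.strip().lower() != "set-cookie":
        return None
    parts = [p.strip() for p in value.split(";")]
    name, eq, _ = parts[0].partition("=")
    if not eq or not name.strip():
        return None
    # Attributes are "Name" or "Name=value"; only the name matters here
    attrs = {p.partition("=")[0].strip().lower() for p in parts[1:] if p}
    return name.strip(), attrs


def audit_ts_cookies(header_lines):
    """Map each TS* cookie name to the required attributes it lacks."""
    findings = {}
    for line in header_lines:
        parsed = parse_set_cookie(line)
        if parsed is None:
            continue
        name, attrs = parsed
        # Same match as the iRule: lower-cased name against the glob "ts*"
        if not name.lower().startswith("ts"):
            continue
        findings[name] = [a for a in REQUIRED if a not in attrs]
    return findings


if __name__ == "__main__":
    for cookie, missing in audit_ts_cookies(SAMPLE_HEADERS).items():
        print(cookie, "OK" if not missing else "missing: " + ", ".join(missing))
```

An empty list for a cookie means both attributes are present; the non-TS cookie is not reported, matching the iRule's scope.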