Forum Discussion

gnomemade_16346's avatar
gnomemade_16346
Icon for Nimbostratus rankNimbostratus
Mar 17, 2015

Adding spaces between semicolon seperated cookie elements

I'm using the following irule to add secure/httpOnly attributes to cookies:

when HTTP_RESPONSE {

foreach aCookie [HTTP::cookie names] {
        set ck_value [HTTP::cookie value $aCookie]
        set ck_path [HTTP::cookie path $aCookie]
        HTTP::cookie remove $aCookie
        HTTP::cookie insert name $aCookie value $ck_value path $ck_path version 1
        HTTP::cookie httponly $aCookie enable
        HTTP::cookie secure $aCookie enable
        }
}

It's doing what I want but the resulting cookie looks like this with no spaces after the semicolons:

Set-Cookie:.ASPXAUTH=xxxxxxxxxxxxxxxxxxx;Secure;HttpOnly;Path=/;Version=1;

Everything is working as it should but not having a space after the semicolons makes it a little harder to read and I can't seem to find any info if no spaces is acceptable from a standards perspective.

Can anyone tell me if having no spaces is ok from a standards / compatibility standpoint and if there is an easy way to add a space after each semicolon?

application delivery
deployment
devops
http cookies
iRules
LTM
  • Seth_Cooper's avatar
    Seth_Cooper
    Icon for Employee rankEmployee
    Mar 17, 2015

    Hi,

    Based on RFC6265 http://tools.ietf.org/html/rfc6265section-5.2 Section 5.2, Step 5 then RFC says to strip the white space characters. Having no spaces should be find from a standards point of view.

    
The user agent MUST use an algorithm equivalent to the following
   algorithm to parse the unparsed-attributes:

   1.  If the unparsed-attributes string is empty, skip the rest of
       these steps.

   2.  Discard the first character of the unparsed-attributes (which
       will be a %x3B (";") character).

   3.  If the remaining unparsed-attributes contains a %x3B (";")
       character:

     Consume the characters of the unparsed-attributes up to, but
          not including, the first %x3B (";") character.

       Otherwise:

       Consume the remainder of the unparsed-attributes.

       Let the cookie-av string be the characters consumed in this step.

   4.  If the cookie-av string contains a %x3D ("=") character:

       The (possibly empty) attribute-name string consists of the
          characters up to, but not including, the first %x3D ("=")
          character, and the (possibly empty) attribute-value string
          consists of the characters after the first %x3D ("=")
          character.

       Otherwise:

       The attribute-name string consists of the entire cookie-av
          string, and the attribute-value string is empty.

   5.  Remove any leading or trailing WSP characters from the attribute-
       name string and the attribute-value string.

   6.  Process the attribute-name and attribute-value according to the
       requirements in the following subsections.  (Notice that
       attributes with unrecognized attribute-names are ignored.)

   7.  Return to Step 1 of this algorithm.

    -Seth