For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Sky_News_Dev_85's avatar
Sky_News_Dev_85
Icon for Nimbostratus rankNimbostratus
Dec 30, 2009

Can't remove session cookie with our iRule

Hi,

 

we are running BIG-IP 9.4.5 and we are using iRule to insert and then remove a specific cookie. The addition (seesion) works great but the iRule to remove the cookie simply does not work.

 

 

The iRules we have in place looks like:

 

 

Adding Cookie

 

when HTTP_RESPONSE {

 

 

if {[HTTP::header exists X-cookie ]}{

 

HTTP::cookie insert name "cookie" value [HTTP::header value "X-cookie"]

 

}

 

}

 

 

Removing Cookie

 

when HTTP_RESPONSE {

 

 

if {[HTTP::header exists X-cookieRemove]}{

 

remove the at cookie

 

HTTP::cookie remove "cookie"

 

}

 

}

 

 

I know that the rule for the header works, i.e. it can find the X-cookieRemove but somehow it does not seem to find the cookie but I can see the cookie using firebug.

 

 

Any ideas?

 

 

Regards

 

Andrea
application delivery
dev
devops
iRules

5 Replies

  • hoolio's avatar
    hoolio
    Icon for Cirrostratus rankCirrostratus
    Dec 31, 2009
    Hi Andrea,

     

     

    Can you describe what you're trying to do? The iRule (or iRules?) you've posted are doing the inverse of each other in the same event.

     

     

    Thanks,

     

    Aaron
  • Sky_News_Dev_85's avatar
    Sky_News_Dev_85
    Icon for Nimbostratus rankNimbostratus
    Dec 31, 2009
    Hi,

     

    yes sorry about not being clear. For testing purposes I created two iRules, one that checks for the header X-cookie and if available creates the cookie. This is working as expected.

     

     

    The second iRule which looks for a header X-cookieRemove should remove the cookie created by the first iRule. Despite that I can see the cookie available using firebug etc the cookie never gets removed by the HTTP::cookie remove command since it seems the cookie does not exist here. I know the header exists and the rule is triggered.

     

     

    The application is creating the headers so we never expect both headers at the same time (same repsonse).

     

     

    Regards

     

    Andreas

     

  • hoolio's avatar
    hoolio
    Icon for Cirrostratus rankCirrostratus
    Dec 31, 2009
    Thanks for clarifying. Can you add logging to the iRule: 

     
  Removing Cookie 
 when HTTP_RESPONSE { 
  
    log local0. "\[HTTP::header exists X-cookieRemove\]: [HTTP::header exists X-cookieRemove];\ 
       \[HTTP::cookie \"cookie\"\]: [HTTP::cookie "cookie"]" 
  
    if {[HTTP::header exists X-cookieRemove]}{ 
  
        remove the at cookie 
       HTTP::cookie remove "cookie" 
    } 
    log local0. "\[HTTP::cookie \"cookie\"\]: [HTTP::cookie "cookie"]" 
  
 }

    Thanks,

    Aaron
  • Rick_Thompson_7's avatar
    Rick_Thompson_7
    Icon for Nimbostratus rankNimbostratus
    Dec 31, 2009
    This is the output of the log file...

     

     

    Thu Dec 31 14:50:55 GMT 2009 tmm tmm[1798] Rule sky_remove_at_cookie HTTP_RESPONSE: [HTTP::header exists X-atRemove]: 0 [HTTP::cookie at]:

     

    Thu Dec 31 14:50:53 GMT 2009 tmm tmm[1798] Rule sky_remove_at_cookie HTTP_RESPONSE: [HTTP::cookie at]:
  • hoolio's avatar
    hoolio
    Icon for Cirrostratus rankCirrostratus
    Dec 31, 2009
    Hi Rick,

     

     

    [HTTP::header exists X-atRemove] is returning 0. This indicates that the X-atRemove header doesn't exist in the response, so the cookie isn't being removed.

     

     

    Aaron