Forum Discussion

Brad_Baker's avatar
Brad_Baker
Icon for Cirrus rankCirrus
Mar 10, 2022

Clearing cookies for site with iRule

We believe we have some users with bad cookies on their system. Its not practical to ask all users to delete their cookies so we want to force them to expire with an f5 iRule. There is an HTTP::cook...
devops
Brad_Baker's avatar
Brad_Baker
Icon for Cirrus rankCirrus
Mar 11, 2022

Seems like this should work but it doesn't 

when HTTP_REQUEST { 
    # If the cookie_version2 cookie doesn't exist get 
    # a list of cookies to be used in the response
    if {not [HTTP::cookie exists "cookie_version2"]} {
        #log local0. "cookie_version2 exists"
        set request_cookies [HTTP::cookie names] 
    }
}

when HTTP_RESPONSE {
    # If there is a list of cookies to delete 
    if {[info exists request_cookies]} {
        #log local0. "Iterating through deleting cookies"
                
        # Iterate thruough them and set the expiry in the past
        foreach a_cookie $request_cookies { 
            #log local0. "Remove cookie: $a_cookie" 
            HTTP::header insert Set-Cookie "$a_cookie=deleted;expires=Thu, 01-Jan-1970 00:00:10 GMT;path=/" 
        } 
     
        # Set a cookie_version2 cookie so we don't run this again.
        #log local0. "Add cookie cookie_versio2=1 to track if the cookies have been cleared before or not"
        HTTP::cookie insert name "cookie_version2" value "1" path "/"
        HTTP::cookie attribute cookie_version2 value "expires" "Thu, 09-April-2022 00:00:00 GMT"
    
        #log local0. "Add dummy cookie to see if cookie deletions is working"
        HTTP::cookie insert name "dummy_cookie" value "1"  path "/"
        HTTP::cookie attribute dummy_cookie value "expires" "Thu, 09-April-2022 00:00:00 GMT"
    }
}
  • CA_Valli's avatar
    CA_Valli
    Icon for MVP rankMVP
    Mar 15, 2022

    Hi, I've achieved a similar thing recently to delete APM cookies and restart session.  I can confirm the only way to delete cookies on client side is forcing them to expire. Try to see if my code snippet helps you. Also, I'm only removing cookies for specific domain since that was what I needed for my environment, use browser tools to determine whether you need this or not. 

     

    when HTTP_REQUEST {
    set refererfound 0

    if {[string tolower [HTTP::header value Referer]] eq "<censored>"}{
        set refererfound 1
        HTTP::header replace Referer ""
        set reqcookies [HTTP::cookie names]
        foreach cookie $reqcookies {
            HTTP::cookie remove $cookie
        }
    }
}

when HTTP_RESPONSE_RELEASE { 
    if {$refererfound eq 1}{
    foreach acookie $reqcookies {
        HTTP::header insert Set-Cookie "$acookie=deleted; domain=<censored>; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/"          
    }
    }
}

     

    • David_M's avatar
      David_M
      Icon for Cirrostratus rankCirrostratus
      Mar 15, 2022

      hey, I'm trying something similar, so if I want to do it for just 1 domain do I just replace your if condition to match the HTTP host? The domain is simple like example.com 

          if {[string tolower [HTTP::header value Referer]] eq "<censored>"}{ #replace with HTTP host instead of referer here? Will that work?

       

      • CA_Valli's avatar
        CA_Valli
        Icon for MVP rankMVP
        Mar 15, 2022

        Hello David, syntax-wise it will work; however consider that this will mean cookies will be dropped every time since iRule is executed at every request hit.

        If you need "fresh" cookies to be generated and kept in next requests, you might want to consider injecting some cookie yourself, that will allow you to ignore the "cookie drop" on next requests.

        I didn't need this in my scenario, since I was only concerned about a very specific HREF call. 

        Also, check the Set-Cookie instruction in response release event too, it might require tuning.