Stefan_126426
Nimbostratus
Jan 02, 2013
Confusing ASP.NET session cookie rewriting with HttpOnly flag version 10
Hi Everyone, first post here so a little introduction.
I am a sysadmin/developer for a large insurance company and have just taken ownership of our F5 box. 12 Years IT experience so I can usuall...
nitass
Employee
Jan 03, 2013
What about this one?
[root@ve10:Active] config b virtual bar80 list
virtual bar80 {
   snat automap
   pool foo
   destination 172.28.19.252:80
   ip protocol 6
   rules myrule
   profiles {
      http {}
      tcp {}
   }
}
[root@ve10:Active] config b pool foo list
pool foo {
   members 200.200.200.101:80 {}
}
[root@ve10:Active] config b rule myrule list
rule myrule {
   when HTTP_RESPONSE {
      set myValues [HTTP::header values "Set-Cookie"]
      HTTP::header remove "Set-Cookie"
      foreach mycookies $myValues {
         scan [lindex $mycookies 0] {%[^=]=%[^;]} currentName currentValue
         HTTP::header insert "Set-Cookie" "$currentName=$currentValue; HttpOnly; Secure; Path=/"
      }
   }
}
response from server (not passing bigip)
[root@ve10:Active] config curl -I http://200.200.200.101
HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Length: 21216
Content-Type: text/html; charset=utf-8
Expires: -1
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: ASP.NET_SessionId=d4or5si4ezfo3oiienjmzjug; path=/; HttpOnly
Set-Cookie: testcookie=123456; path=/
Set-Cookie: mycookie=abcdef; path=/; HttpOnly
Date: Wed, 02 Jan 2013 15:26:51 GMT
response from bigip
[root@centos251 ~] curl -I http://172.28.19.252
HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Length: 21216
Content-Type: text/html; charset=utf-8
Expires: -1
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Date: Wed, 02 Jan 2013 15:26:51 GMT
Set-Cookie: ASP.NET_SessionId=d4or5si4ezfo3oiienjmzjug; HttpOnly; Secure; Path=/
Set-Cookie: testcookie=123456; HttpOnly; Secure; Path=/
Set-Cookie: mycookie=abcdef; HttpOnly; Secure; Path=/
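
The following is an added example, not part of the original thread and not the poster's iRule: a Python check that audits a `curl -I` header block for cookies missing HttpOnly or Secure. It goes beyond the iRule above by appending only the missing flags while keeping attributes such as Expires, Domain and the original Path, which the iRule replaces with a fixed `Path=/`. The function names and the `PERSISTENT` sample are assumptions made for illustration.

```python
REQUIRED = {"httponly": "HttpOnly", "secure": "Secure"}  # flag -> canonical spelling

def parse_set_cookie(value):
    """Split one Set-Cookie value into (name, value, [attributes])."""
    parts = [p.strip() for p in value.split(";") if p.strip()]
    if not parts:
        return "", "", []
    name, _, val = parts[0].partition("=")
    return name, val, parts[1:]

def missing_flags(value):
    """Return the required flags absent from one Set-Cookie value."""
    _, _, attrs = parse_set_cookie(value)
    # Attribute names are case-insensitive: "path=/" and "Path=/" are the same.
    present = {a.split("=", 1)[0].strip().lower() for a in attrs}
    return [f for f in REQUIRED if f not in present]

def harden(value):
    """Append missing flags, keeping every attribute the server already set."""
    name, val, attrs = parse_set_cookie(value)
    attrs = attrs + [REQUIRED[f] for f in missing_flags(value)]
    return "; ".join([f"{name}={val}"] + attrs)

def audit(raw_headers):
    """Map cookie name -> missing flags for a raw header block (curl -I output)."""
    report = {}
    for line in raw_headers.splitlines():
        field, sep, value = line.partition(":")
        if sep and field.strip().lower() == "set-cookie":
            name, _, _ = parse_set_cookie(value)
            report[name] = missing_flags(value)
    return report

# Set-Cookie lines taken from the direct server response shown in the post.
DIRECT = """HTTP/1.1 200 OK
Set-Cookie: ASP.NET_SessionId=d4or5si4ezfo3oiienjmzjug; path=/; HttpOnly
Set-Cookie: testcookie=123456; path=/
Set-Cookie: mycookie=abcdef; path=/; HttpOnly
"""
# Constructed sample: a persistent cookie whose Expires and Path must survive.
PERSISTENT = "pref=dark; expires=Wed, 01-Jan-2014 00:00:00 GMT; path=/app"

if __name__ == "__main__":
    for cookie, missing in audit(DIRECT).items():
        print(cookie, "missing:", ", ".join(missing) or "none")
    print(harden(PERSISTENT))
```

Browsers return cookies marked Secure only over HTTPS, so adding the flag on a port-80 virtual server like the one listed means the session cookie is not sent back over plain HTTP.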