Forum Discussion

Nimbostratus

Jan 02, 2013

Confusing ASP.NET session cookie rewriting with HttpOnly flag version 10

Hi Everyone, first post here so a little introduction. I am a sysadmin/developer for a large insurance company and have just taken ownership of our F5 box. 12 Years IT experience so I can usuall...

Nimbostratus

Jan 04, 2013

This is my final version as I needed to exlude some cookies from being manipulated. Hopefully someone may find it useful

This is working perfectly, so thanks again nitass

when HTTP_RESPONSE {

set myValues [HTTP::header values "Set-Cookie"]

HTTP::header remove "Set-Cookie"

foreach mycookies $myValues {

scan [lindex $mycookies 0] {%[^=]=%[^;]} currentName currentValue

set myflags [lindex $mycookies 1]

switch $currentName {

"scrubbed" -

"redacted" -

"deleted" -

"notforyoutoknow"

{

HTTP::header insert "Set-Cookie" "$currentName=$currentValue; $myflags"

}

default {

HTTP::header insert "Set-Cookie" "$currentName=$currentValue; HttpOnly; Secure; Path=/"

}

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

GitHub Awesome-F5

Forum Discussion

Confusing ASP.NET session cookie rewriting with HttpOnly flag version 10

AppWorld Berlin iRules Contest!

F5 AppWorld 2026 Las Vegas - iRules Contest Winners!

Recent Discussions

Changes to DO and AS3 GitHub - no longer monitored

BIGIP VE - SSL acceleration with Intel QAT

Big IP licensed with wrong Base Registration Key

F5 Device Management Certificate renewal

Bot Defense causing a lot of false positives

Related Content

Rewriting Redirects

Cache Confusion

Rewriting iRules...LIVE!

Thinking Outside the Box: Rewriting Web Pages with F5 Distributed Cloud (XC)

AS3 TLS_Client VS TLS_Server Schema confusion

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS