cookie secure and http only -- All cookies that gets downloaded

Question

&nbsp;
i want to secure and http only all cookies when my application is accessed. Tried couple of irule link text and link text no luck. When i use irule similar to second thread, jsessionid cookie doesnt download and doesn't allow to login.&nbsp;
Apart from JSESSIONID,MEMBERNAME,PROGRAMCODE, mycookie (LTM generated) , i can see many cookies downloading and i want to secure all cookies. &nbsp;
Looking for expert advice and suggestion in resolving this ASAP. &nbsp;

maneesh_72711 · Answer

Check this link if you have not.¬†
https://devcentral.f5.com/s/feed/0D51T00006i7N5rSAE¬†

kai_wilke · Answer

Hi Habib,
you may try the iRule below to set the HttpOnly and Secure flags to every issued cookie...
when HTTP_RESPONSE {
    foreach cookie [HTTP::cookie names] {
        HTTP::cookie secure $cookie enable 
        HTTP::cookie httponly $cookie enable 
    }
}

Cheers, Kai

Forum Discussion

cookie secure and http only -- All cookies that gets downloaded

2 Replies

F5 Architecture Track Sessions - AppWorld 2026

Recent Discussions

In Using the AST tool am I pointing it to TENANTS or to the F5OS(hardware) I have?

Any way to cache HEAD request

can you help with getting a BigIP virtual edition serial key

VIP in https that redirect to another vip in https

2026 is Almost Here

Related Content

Cookie-based DDoS protection

Encrypting Cookies

2. SYN Cookie: Operation

1. SYN Cookie: Intro

8. SYN Cookie: Troubleshooting tcpdump

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS