Forum Discussion
NimbostratusDiscard client with turned off cookies
Hi, Can someone help me with situation like this:
I have a server who will give each client JSESSIONID cookie in response after his first request. If client has turned off cookies in browser i would like to discard session from client.
So my problem is how to check that client has JSESSIONID accepted from response of server. Is that possible to check with iRULE?
I try few things with HTTP::cookie contains "", but unsuccessfuly. Maybe check client Source IP?
If someone can help I would be grateful.
- Kai_Wilke
MVP
Hi Robert,
you may take a look to the iRule sample below.
The iRule will test the browsers cookie support by intercepting the initial requests and 307 redirecting to the very same URI while injecting a cookie. If the client is able to accept and bring back the cookie, it will be allowed to access the backend application and if not, the iRule will display a simple error msg.
when HTTP_REQUEST { if { [HTTP::cookie value "CookieTest"] eq "" } then { The client does not send our test cookie. if { [HTTP::uri] contains "CookieTest=1" } then { Client was redirected before but failed to accept and bring back the cookie HTTP::response 400 content "Bad Request - Turn on cookie support" "Content-Type" "text/html" } else { The was not redirected before. Lets see if the URI already contains a query string. if { [HTTP::uri] contains "?" } then { The URI contains a query string. Appending our CookieTest param to the end of the query string. HTTP::respond 307 "Location" "[HTTP::uri]&CookieTest=1" "Set-Cookie" "CookieTest=1" } else { The URI does not contain a query string. Adding our CookieTest param as a new query string. HTTP::respond 307 "Location" "[HTTP::uri]?CookieTest=1" "Set-Cookie" "CookieTest=1" } } } else { The client has send our test cookie. Allowing the client to pass... } }Note: Didn't tested the iRule and its monday morning. So better apply it to a test environment before going live... 😉
Cheers, Kai
