mnb_63148
Feb 20, 2014

Does F5 automatically delete cookies in the header?

I have an issue where cookies are not always showing in the HTTP header. This is causing session timeouts when users are trying to log into a site and when they are randomly clicking around in a site. Does F5 delete cookies if the header is too large?

 

12 Replies

  • Did you check if this behavior is for specific browsers?

     

    Depending on the version of the browser, there is a limitation on cookie size for Safari and on the number of cookies for Mozilla. I don't have exact numbers; we faced this issue with a large number of cookies with older versions of browsers.

    F5 does not strip it out; you can log cookies to find out if it's being received by F5.

     

  • In v10 at least, the HTTP profile has a "Maximum Header Size" property. Mine, which I believe is the default, is set to 32768 (32Kb). In situations where I've encountered this, there's an entry written to /var/log/ltm and the TCP connection is reset.

     

    But resetting the TCP connection is much different than stripping out a header and load-balancing the request. I believe you can cause the LTM to strip out headers based on some of the HTTP profile properties, and you can certainly do it with an iRule. But I don't believe there's any inherent/default LTM behavior that would cause it to strip out a header.

     

  • Looks like we are seeing the issue when our httpOnly iRule is below our http_cookie_secure_irule.

    httponly_irule

    when HTTP_RESPONSE {
        set ck [HTTP::header values "Set-Cookie"]
        HTTP::header remove "Set-Cookie"
        foreach acookie $ck {
            HTTP::header insert "Set-Cookie" "${acookie}; HttpOnly"
        }
    }

    http_cookie_secure_irule

     

    • mnb_63148
      Reversing the iRule order for httpOnly and secure cookies worked for a few hours and a user experienced a session timeout again. We are seeing in the packet capture that one of the cookies needed is getting removed by Big-IP when it is being passed to the server.
  • To support the others on this thread, unless you have configured cookie removal via an iRule or profile, then the F5 will not remove any cookies. Are you sure the cookie is not being transmitted by the browser because the request is over HTTP (not HTTPS) and the Secure attribute is set?

     

  • We are seeing in the packet capture that one of the cookies needed is getting removed by Big-IP when it is being passed to the server.

     

    Are you seeing that the client sends the cookie to BIG-IP but it is removed when sending to the server?

    Can you post the iRule containing the HTTP_REQUEST event or the HTTP profile which may remove the cookie?

     

    • mnb_63148
      Below are the iRules that reference cookies:

      iRule 1

      when HTTP_RESPONSE {
          # Set the Secure attribute on every cookie in the response
          set myValues [HTTP::cookie names]
          foreach mycookies $myValues {
              HTTP::cookie secure $mycookies enable
          }
      }

      iRule 2

      when HTTP_RESPONSE {
          # Re-insert every Set-Cookie header with HttpOnly appended
          set ck [HTTP::header values "Set-Cookie"]
          HTTP::header remove "Set-Cookie"
          foreach acookie $ck {
              HTTP::header insert "Set-Cookie" "${acookie}; HttpOnly"
          }
      }
  • Hi, can you try adding the following clauses in to help see where it is going missing?

    when HTTP_REQUEST {
        set prefix "\[[expr {int(rand() * 10000)}]\] "
        log local0. "${prefix}Request [HTTP::uri] cookies [HTTP::cookie names]"
    }
    when HTTP_REQUEST_SEND {
        log local0. "${prefix}Request [HTTP::uri] cookies [HTTP::cookie names]"
    }
    

    Then you can keep track of the request as it comes into the F5 and as it is about to leave.

    • mnb_63148
      Thanks, IhearF5. I will run the command when we test again. Looking at a previous capture, I see that in the HTTP RESPONSE from the pool member to the F5, the server is returning 3 cookies. However, in the response from the virtual server to the pool member, two of the cookies are not there.
  • Right - so it's the responses where you are losing cookies? It's gotta be the iRule doing it and 2 is prime suspect but I'm scratching my head to see exactly what is wrong. Add these extra statements in:

    when HTTP_RESPONSE {
        set ck [HTTP::header values "Set-Cookie"]
        log local0. $ck
        log local0. [HTTP::cookie names]
        HTTP::header remove "Set-Cookie"
        foreach acookie $ck {
            log local0. "Cookie $acookie"
            HTTP::header insert "Set-Cookie" "${acookie}; HttpOnly"
        }
    }
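
The packet-capture comparison described in this thread (Set-Cookie headers in the pool member's response versus the response the virtual server sends on) can be scripted rather than read by eye. The following is an added example, not code from any poster in the thread or from F5; the header text, cookie names and function names are constructed for illustration.

```python
"""Diff Set-Cookie headers captured on each side of a proxy (added example)."""

# Constructed sample data: response headers as seen between pool member and
# BIG-IP (server side) and after the BIG-IP (client side). Names are invented.
SERVER_SIDE = (
    "HTTP/1.1 200 OK\r\n"
    "Content-Type: text/html\r\n"
    "Set-Cookie: JSESSIONID=abc123; Path=/\r\n"
    "Set-Cookie: prefs=compact; Expires=Fri, 20 Feb 2015 10:00:00 GMT; Path=/\r\n"
    "Set-Cookie: csrf=9f2e; Path=/; Secure\r\n"
    "\r\n"
)
CLIENT_SIDE = (
    "HTTP/1.1 200 OK\r\n"
    "Content-Type: text/html\r\n"
    "Set-Cookie: JSESSIONID=abc123; Path=/; Secure; HttpOnly\r\n"
    "\r\n"
)


def set_cookies(raw_headers):
    """Return {cookie name: set of lower-cased attribute names}."""
    cookies = {}
    for line in raw_headers.split("\r\n")[1:]:
        if not line:
            break  # blank line ends the header block
        field, _, value = line.partition(":")
        if field.strip().lower() != "set-cookie":
            continue
        # Split on ';' only: an Expires date contains a comma, so splitting
        # on commas would cut one cookie into two.
        parts = [p.strip() for p in value.split(";")]
        name = parts[0].partition("=")[0]
        cookies[name] = {p.partition("=")[0].lower() for p in parts[1:] if p}
    return cookies


def compare(server_raw, client_raw):
    """Report cookies lost in transit and delivered cookies missing flags."""
    server, client = set_cookies(server_raw), set_cookies(client_raw)
    return {
        "dropped": sorted(set(server) - set(client)),
        "added": sorted(set(client) - set(server)),
        "missing_flags": {
            name: sorted({"secure", "httponly"} - attrs)
            for name, attrs in client.items()
            if {"secure", "httponly"} - attrs
        },
    }
```

Feeding it the header blocks exported from the two sides of a capture shows at once whether a cookie disappears inside the proxy and whether the Secure and HttpOnly rewrites were both applied to what was delivered.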