For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

mnb_63148's avatar
mnb_63148
Icon for Nimbostratus rankNimbostratus
Feb 20, 2014

Does F5 automatically delete cookies in the header?

I have an issue where cookies are not always showing in the HTTP header. This is causing session timeouts when users are trying to log into a site and when they are randomly clicking around in a site...
nitass's avatar
nitass
Icon for Employee rankEmployee
Feb 23, 2014

We are seeing in the packet capture that one of the cookies needed is getting removed by Big-IP when it is being passed to the server.

 

are you seeing client sends cookie to bigip but it is removed when sending to server?

 

can you post irule containing HTTP_REQUEST event or http profile which may remove the cookie?

 

  • mnb_63148's avatar
    mnb_63148
    Icon for Nimbostratus rankNimbostratus
    Feb 23, 2014
    Below are the iRules that reference cookies: iRule 1 when HTTP_RESPONSE { set myValues [HTTP::cookie names] foreach mycookies $myValues { HTTP::cookie secure $mycookies enable } } iRule 2 when HTTP_RESPONSE { set ck [HTTP::header values "Set-Cookie"] HTTP::header remove "Set-Cookie" foreach acookie $ck { HTTP::header insert "Set-Cookie" "${acookie}; HttpOnly" } }