Forum Discussion

Joe_Fontes_4518
Sep 13, 2007

Encrypting Cookie Produces Numerous Cookies

So I followed the advice on:

https://tech.f5.com/home/solutions/sol7784.html

and now things appear to be working. Unfortunately, for some reason it creates numerous cookies...as if it is creating a new one for every directory request.

The initial cookie has a longer string, the next ones have a shorter string. I took the string out of the shorter ones and used base64_decode() in PHP to check out the contents and it doesn't look like it's the regular cookie contents.

Anyways, instead of just one cookie present without using the iRules, there are now 7 present on the client side (one for each directory that is hit...such as the images directory).

Any ideas on this one?

In looking through the example I am guessing that for each request the cookie should be deleted...but it just looks like a new one is created. In the Firefox cookie viewer you can see that they are all named the same as well.
  • I did find one bug with this as well. For some reason after I implement this iRule, Firefox users have to clear out their cookies before they are able to view the site. If they don't clear out the cookie they get a connection refused from the F5. Any reason why this would not clear out the cookies properly on Firefox...seemed to work on IE.
  • If anyone is interested...I found a quick fix around the Firefox issues.

    So, we had to implement this cookie encryption today...but we really didn't want to take the chance of upgrading to 9.4.x so we used the iRule listed above until we can get the upgrade done.

    Anyways, when you put this iRule into play, Firefox users get a connection refused since they still have the old cookie loaded up (old cookie isn't encrypted and thus BigIP doesn't know how to read it). What we did was rename the cookie first in the iRule...so when you head over to the site it generates cookies from the BigIP, but these cookies are not yet used for anything. After that we created a new cookie persistence profile with the new cookie name. After that we switched the site over to the new cookie persistence with the cookie name the same as the encrypted cookie name and presto! All users can connect.

    This is a bit of a daisy chain...but we can't exactly ask all users to clear their cookies just to connect.

    Thought this might help someone.