F5 is upgrading its customer support chat feature on My.F5.com. Chat support will be unavailable from 6am-10am PST on 1/20/26. Refer to K000159584 for details.

Forum Discussion

3 Replies

  • IheartF5_45022's avatar
    IheartF5_45022
    Icon for Nacreous rankNacreous
    Dec 10, 2013

    Hi. If you just want to prevent a client cookie from reaching the server then HTTP::cookie remove "mycookie" in HTTP_REQUEST will work fine.

    If you actually want to expire a cookie from the client to stop it from sending it in subsequent requests, then you need to set the cookie Expires date to the past;-

    when HTTP_RESPONSE {
        HTTP::header insert Set-Cookie "mycookie=xx; Path=/; Expires=Thu, 01 Jan 1970 00:00:01 GMT; HttpOnly"
}

    Note that this example assumes the cookie was set on the current domain, not a parent domain, and that the Path was /.

  • Abhishek_128328's avatar
    Abhishek_128328
    Icon for Nimbostratus rankNimbostratus
    Dec 10, 2013

    Hi. I want to prevent the client cookie from reaching the server so i tried HTTP::cookie remove "mycookie" in HTTP_REQUEST but my cookie still reached the server.

     

    I believe this is because my cookie is HttpOnly and hence F5 is unable to remove it.

     

  • IheartF5_45022's avatar
    IheartF5_45022
    Icon for Nacreous rankNacreous
    Dec 10, 2013

    I just tried it and it works for me with HTTPOnly - the F5 wouldn't care about that anyway - it's a cookie attribute and we've asked to remove the cookie, so it would.

    Try this in HTTP_REQUEST - can you see the cookie in the request in the log afterwards?

    if {[HTTP::cookie exists "mycookie"]} {
    HTTP::cookie remove "mycookie"
    log local0. [HTTP::request]
}