Forum Discussion

Nimbostratus

May 25, 2017

F5 iRule to Secure Cookie with HTTPOnly and Secure but not contains cookie name="cnlfsid"

Hi, We need to Secure Cookie with HTTPOnly and Secure but not contains a cookie name ="cnlfsid" Here is my code: when HTTP_RESPONSE { foreach x [HTTP::cookie names] { ...

iRules

security

Cumulonimbus

May 25, 2017

Try this modified version:

when HTTP_RESPONSE {
    foreach x [HTTP::cookie names] {
        if { $x equals "cnlfsid" } {
            continue
        }
        set ckname $x
        set ckvalue [HTTP::cookie value $x] 
        set ckpath [HTTP::cookie $x path]
        HTTP::cookie remove $x
        HTTP::cookie insert name $ckname value $ckvalue path $ckpath version 1
        HTTP::cookie secure $ckname enable
        HTTP::cookie httponly $ckname enable
    }
}

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

GitHub Awesome-F5

Forum Discussion

F5 iRule to Secure Cookie with HTTPOnly and Secure but not contains cookie name="cnlfsid"

F5 Academy at AppWorld 2026

Aswin MK - November 2025 Featured Member

Introducing the F5 AI Assistant for BIG-IP

Recent Discussions

F5 XC 503 upstream_reset_before_response_started{protocol_error}

CVE mitigation on F5 XC vs classic F5 WAF

F5 mssql health monitor failing

Could not communicate with the system. Try to reload page.

UCS Encryption Question

Related Content

Knowledge sharing: Containers, Kubernetes, Openshift, F5 Container Connector, NGINX Ingress

Scaling Containers

Enable Consistent Application Services for Containers with CIS

Better together - F5 Container Ingress Services and NGINX Plus Ingress Controller Integration

Sorting Kubernetes with Container Ingress Services

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS