For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Ted_Smith_11168's avatar
Ted_Smith_11168
Icon for Nimbostratus rankNimbostratus
Aug 09, 2005

help with cookie expiration in iRule

I have two iRules listed below. We are injecting a cookie on siteA, the redirecting to siteB. SiteB checks for value set in siteA. If it is there allow user access. If not go back to siteA and get val...
application delivery
dev
devops
iRules
Joe_Pruitt's avatar
Joe_Pruitt
Aug 10, 2005
The Set-Cookie header is specified in RFC 2109 - HTTP State Management Mechanism (Click here).

4.2.2  Set-Cookie Syntax
   The syntax for the Set-Cookie response header is
   set-cookie      =       "Set-Cookie:" cookies
   cookies         =       1cookie
   cookie          =       NAME "=" VALUE *(";" cookie-av)
   NAME            =       attr
   VALUE           =       value
   cookie-av       =       "Comment" "=" value
                   |       "Domain" "=" value
                   |       "Max-Age" "=" value
                   |       "Path" "=" value
                   |       "Secure"
                   |       "Version" "=" 1*DIGIT

Looks like you'll want to use the "Max-Age" value that's defined as follows:

Max-Age=delta-seconds

Optional. The Max-Age attribute defines the lifetime of the

cookie, in seconds. The delta-seconds value is a decimal non-

negative integer. After delta-seconds seconds elapse, the client

should discard the cookie. A value of zero means the cookie

should be discarded immediately.

In Netscapes original proposal, there is also an "Expires" header that believe most browsers still support which takes as an argument a date string.

-Joe