Forum Discussion
LesterP
Apr 11, 2012Nimbostratus
Help with ProxyPass iRule v 8.2 and cookies
Using ProxyPass v8.2 with LTM 9.x we been experiencing a strange behavior with some cookies.
The rule is splitting a cookie into 3 different cookies back to the user.
The incoming header is
Set-Cookie: CAMSLC_DEV=ldap; Domain=example.com; Expires=Wed, 05-Dec-2012 21:12:42 GMT; Path=/"
and the outgoing header becomes
Set-Cookie: CAMSLC_DEV=ldap; Domain=example.com; Expires=Wed, 05-Dec-2012 21
Set-Cookie: 42 GMT; Path=/
Set-Cookie: 12
I added some logging statements to the iRule--
Rewrite any domains/paths in Set-Cookie headers
if {[HTTP::header exists "Set-Cookie"]}{
array set cookielist { }
A response may have multiple Set-Cookie headers, loop through them
foreach cookievalue [HTTP::header values "Set-Cookie"] {
set cookiename [getfield $cookievalue "=" 1]
set newcookievalue ""
if {$::ProxyPassDebug > 1} {
log local0. "COOKIEMON:Detect cookie name \"$cookiename\" from header field \"$cookievalue\" "
}
What is logged:
Apr 11 16:12:11 iss-bigIP-1d tmm tmm[1052]: Rule ProxyPassHTTPS_D_NoCookie : COOKIEMON:Detect cookie name "CAMSLC_DEV" from header field "CAMSLC_DEV=ldap; Domain=example.com; Expires=Fri, 07-Dec-2012 21"
Apr 11 16:12:11 iss-bigIP-1d tmm tmm[1052]: Rule ProxyPassHTTPS_D_NoCookie : COOKIEMON: cookie element before trim "CAMSLC_DEV=ldap"
Apr 11 16:12:11 iss-bigIP-1d tmm tmm[1052]: Rule ProxyPassHTTPS_D_NoCookie : COOKIEMON: cookie element after trim "CAMSLC_DEV=ldap"
Apr 11 16:12:11 iss-bigIP-1d tmm tmm[1052]: Rule ProxyPassHTTPS_D_NoCookie : COOKIEMON: cookie element has an equal sign
Apr 11 16:12:11 iss-bigIP-1d tmm tmm[1052]: Rule ProxyPassHTTPS_D_NoCookie : COOKIEMON: cookie element has been split by equal sign into name "CAMSLC_DEV" and value "ldap"
Apr 11 16:12:11 iss-bigIP-1d tmm tmm[1052]: Rule ProxyPassHTTPS_D_NoCookie : COOKIEMON: cookie element before trim " Domain=example.com"
Apr 11 16:12:11 iss-bigIP-1d tmm tmm[1052]: Rule ProxyPassHTTPS_D_NoCookie : COOKIEMON: cookie element after trim "Domain=example.com"
Apr 11 16:12:11 iss-bigIP-1d tmm tmm[1052]: Rule ProxyPassHTTPS_D_NoCookie : COOKIEMON: cookie element has an equal sign
Apr 11 16:12:11 iss-bigIP-1d tmm tmm[1052]: Rule ProxyPassHTTPS_D_NoCookie : COOKIEMON: cookie element has been split by equal sign into name "Domain" and value "example.com"
Apr 11 16:12:11 iss-bigIP-1d tmm tmm[1052]: Rule ProxyPassHTTPS_D_NoCookie : COOKIEMON: cookie element before trim " Expires=Fri, 07-Dec-2012 21"
Apr 11 16:12:11 iss-bigIP-1d tmm tmm[1052]: Rule ProxyPassHTTPS_D_NoCookie : COOKIEMON: cookie element after trim "Expires=Fri, 07-Dec-2012 21"
Apr 11 16:12:11 iss-bigIP-1d tmm tmm[1052]: Rule ProxyPassHTTPS_D_NoCookie : COOKIEMON: cookie element has an equal sign
Apr 11 16:12:11 iss-bigIP-1d tmm tmm[1052]: Rule ProxyPassHTTPS_D_NoCookie : COOKIEMON: cookie element has been split by equal sign into name "Expires" and value "Fri, 07-Dec-2012 21"
Apr 11 16:12:11 iss-bigIP-1d tmm tmm[1052]: Rule ProxyPassHTTPS_D_NoCookie : COOKIEMON:Detect cookie name "12" from header field "12"
Apr 11 16:12:11 iss-bigIP-1d tmm tmm[1052]: Rule ProxyPassHTTPS_D_NoCookie : COOKIEMON: cookie element before trim "12"
Apr 11 16:12:11 iss-bigIP-1d tmm tmm[1052]: Rule ProxyPassHTTPS_D_NoCookie : COOKIEMON: cookie element after trim "12"
Apr 11 16:12:11 iss-bigIP-1d tmm tmm[1052]: Rule ProxyPassHTTPS_D_NoCookie : COOKIEMON:Detect cookie name "11 GMT; Path" from header field "11 GMT; Path=/"
What can I do about the split at the colons?
- hooleylistCirrostratusHi,
- kjcNimbostratusWhat happens if an app does try to set more than one cookie?
- hooleylistCirrostratusIf the app sets multiple cookies in one Set-Cookie header using HTTP::header value Set-Cookie would work fine. If the app sets multiple cookies in multiple Set-Cookie headers only the last Set-Cookie header would be parsed and updated for any domain rewriting that needs to be done. If the domain of the cookies isn't updated, the client would potentially not send those cookie(s) on subsequent requests.
Recent Discussions
Related Content
DevCentral Quicklinks
* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com
Discover DevCentral Connects