For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

F5_Freek_243545's avatar
F5_Freek_243545
Icon for Nimbostratus rankNimbostratus
May 06, 2016

How to configure cookie "secure; http-only;" ?

Hi Folks, I want to make cookie secure and http only for an SSL url. I have wrote small irule to insert it in header. Does it make sense? Is there any problem we should expect if you are doing it i...
LTM
security
Yann_Desmarest's avatar
Yann_Desmarest
Icon for Cirrus rankCirrus
May 06, 2016

Hello,

You can set the secure flag by using the following lines of codes (within HTTP_RESPONSE event) : 

set myValues [HTTP::cookie names]
foreach mycookies $myValues {
    HTTP::cookie secure $mycookies enable
    set value [HTTP::cookie value $mycookies]
    set testvalue [string tolower $value]
    set valuelen [string length $value]
    switch -glob $testvalue {
      "*;httponly*" -
      "*; httponly*" { }
      default { set value "$value; HttpOnly"; }
    }
    if { [string length $value] > $valuelen} {
      HTTP::cookie value $mycookies "${value}"
    }
}
Related Content