Forum Discussion

Nimbostratus

Nov 18, 2015

How to set httponly without secure flag

Please advise How to set httponly without secure flag? is the below ok?

when HTTP_RESPONSE { set var [HTTP::header values "Set-Cookie"] HTTP::header remove "Set-Cookie" foreach tcookie $var { HTTP::header insert "Set-Cookie" "${tcookie}; HttpOnly; " } }

LTM

security

1 Reply

Hannes_Rapp

Nimbostratus

Nov 18, 2015

Use

HTTP::cookie httponly CookieName enable

function. Ref: https://devcentral.f5.com/wiki/iRules.HTTP__cookie.ashx

when HTTP_RESPONSE {
   Iterate through all server-inserted cookies. Enable the httponly option
  foreach cookieName [HTTP::cookie names] {
    HTTP::cookie httponly $cookieName enable
  }
}

Help guide the future of your DevCentral Community!

What tools do you use to collaborate? (1min - anonymous)