Forum Discussion
How to set/detect/read cookies on the client machine
Hello All,
I am trying to set a cookie and detect it on the client machine, but am having issues detecting the cookie. My goal is to send credentials over SSL and go back to HTTP after it's been validated. A couple of questions.
1) To set a cookie on the client machine, IRules must set the cookie on the HTTP_Response event, correct?
ex)
if { not ([HTTP::cookie exists "NAME"]) } {
HTTP::cookie insert name "NAME" value "cookie exist"
}
2) To check if the cookie exist on the client machine I would have to check cookie on the HTTP_REQUEST event, correct?
if { ([HTTP::cookie exists "NAME"]) } {
// 301 redirect
}
3) Are the JSESSIONID cookies set on the server as well? If so where do they usually live? We are using WebSphere.
Any help/direction is fully appreciated.
Regards,
TRX
hoolioCirrostratus
Hi Trx,
If you want to send a cookie to the client you'd set it in HTTP_RESPONSE. If you want to insert a cookie in the request sent to the pool, you'd do it in HTTP_REQUEST. To determine if the client included a cookie in the request, you'd check in HTTP_REQUEST. JSESSIONID cookies are set by the web app. They could be set as session cookies (no expiration time) or as persistent cookies (with an explicit expiry date). Session cookies are stored in memory while persistent cookies are stored on disk.
You can use a browser plugin like HttpFox for Firefox or Fiddler for IE to view the cookies being received and sent on the client.
Aaron- When you say "....client included a cookie in the request...", what do you mean exactly? Where would I check for cookies on the client machine? Or does the user have to send the cookie with the user's request?
Let me know.
Thanks.
Regards,
TRX - hoolioYou can check which cookies the client sends to LTM using an iRule which logs in HTTP_REQUEST:
when HTTP_REQUEST { log local0. "[IP::client_addr]:[TCP::client_port]: [HTTP::method] request to [HTTP::host][HTTP::uri]" foreach cookie [HTTP::cookie names] { log local0. "[IP::client_addr]:[TCP::client_port]: Cookie $cookie = [HTTP::cookie value $cookie]" } }
To log the cookies in the response, you could use something similar:
when HTTP_RESPONSE {
log local0. "[IP::client_addr]:[TCP::client_port]: [HTTP::status] response with Set-Cookie headers: [HTTP::header values Set-Cookie]"
}
For details on cookies and where browsers store them, you can check these sites:
http://www.cookiecentral.com/faq/3
http://www.aboutcookies.org/Default.aspx?page=1
Aaron - Thanks Aaron!
- Hello Aaron,
Had another question/issue.
When going from from http to https triggered by a form action URL, the user name and password ONLY gets across to the https VS, but the realm value is lost and cannot be preserved.URL
What do you recommend the best method to post the realm value along with the credentials over https?
ex) Please put in an random username/password
http://www29.qad.com/partnercenter
NOTE: If you view source you will the realm value as hidden and defaulted to "realm1".
Is there way to retain user name and password using IRules and then concatenate the realm value
to the post URL (i.e. http://www29.qad.com/partnercenter/?username;password,realm1....)
Let me know your thoughts.
Thanks in advance.
Regards,
Traolly Xiong - hoolioHi TRX,
See your other post for a response:
http://devcentral.f5.com/Community/GroupDetails/tabid/1082223/asg/50/afv/topic/aft/1172821/aff/5/showtab/groupforums/Default.aspx
Aaron