Forum Discussion

Nimbostratus

Nov 23, 2015

How to write an Irule to delete session cookies so that we can enhnace security level.

We have few admin URLs that we dont want to be accessed by a 3rd person after we logout from the application. So can we write an Irule to " set all cookies to expired state".

BIG-IP

security

Hannes_Rapp

Nimbostratus

Nov 23, 2015

Do you wish the cookies to be invalidated in client browser after the logout request?

Should get you started:

when HTTP_REQUEST {
  set logOut 0
  set cookiesInRequest [HTTP::cookie names]
  if {[string tolower [HTTP::path]] ends_with '/logout.php'}{
    set logOut 1
  }
}

when HTTP_RESPONSE {
  if { $logOut == 1 }{
    foreach aCookie $cookiesInRequest {
      HTTP::cookie expires $aCookie 1 absolute
    }
  }
}

Help guide the future of your DevCentral Community!

What tools do you use to collaborate? (1min - anonymous)

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

GitHub Awesome-F5

Forum Discussion

How to write an Irule to delete session cookies so that we can enhnace security level.

ICYMI - Steve Wozniak at AppWorld 2026

F5 Architecture Track Sessions - AppWorld 2026

Recent Discussions

Impact of client.crt and server.crt expiration

Issue with IIS and Client Component Service Load balancing

AST Configuration Assistance

TCP Profile with Verified Accept enabled and three-way TCP handshake

Rebalancing connections

Related Content

Quarterly Security Notification October 2025

F5 Architecture Track Sessions - AppWorld 2026

Increased Security With First Party Cookies

Positive Security vs. Negative Security: A Comparison Using F5's Security Portfolio

BIG-IP security hardening and compliance checks

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS