For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

dipta_03_149731's avatar
dipta_03_149731
Icon for Nimbostratus rankNimbostratus
Nov 23, 2015

How to write an Irule to delete session cookies so that we can enhnace security level.

We have few admin URLs that we dont want to be accessed by a 3rd person after we logout from the application. So can we write an Irule to " set all cookies to expired state".  
BIG-IP
security
Rami_307440's avatar
Rami_307440
Icon for Nimbostratus rankNimbostratus
Aug 31, 2017

Hi, Were you able to solve this problem ? The only way to clear or change a session by the application as it's the only owner of that session. You may insert a new session, but the old session will remain unless you close the browser.


when HTTP_REQUEST {

   set logOut 0
        if {(([HTTP::uri] ends_with "logout") or ([HTTP::uri] ends_with "logout.do")) } 
        {
         set logOut 1
        }
            }

when HTTP_RESPONSE {
  if { $logOut == 1 }
  {

    set session_key "whatever0928340923any"

                HTTP::cookie insert name "session_id" value $session_key

}

Please let me know if you find a way to clear the session on logout using iRules.

Thanks,