
foremans_135136
Oct 08, 2013

HTTP Set-Cookie broken due to multiple "; Secure" inserted

Greetings! I'm from SAP and currently we are using F5 load balancing, and use an iRule to add Secure to all the cookies sent back to the browser. Sorry, I'm not from the OPS team and not familiar with F5 products, but we are stuck with a customer problem where a cookie is broken for the Safari browser, because it contains multiple "; Secure" attributes in the "Expires" attribute and Safari refuses to accept more Set-Cookie headers.

 

e.g. Secure; Version=1; path=/;Expires=Tue Sep 25; Secure 22:37:38 EDT; Secure 2063;Max-Age=1576800000000; Secure or Secure; Version=1; path=/;Expires=Thu, 01-Jan-1970 00:00:10; Secure GMT; Max-Age=0; Secure

 

Note that 2 "; Secure" strings are inserted in the date string of the Expires attribute.

 

Our OPS team can find any issue with the iRule setting, and my question is: is it possibly caused by the iRule setting, or any F5 product logic? Has anyone met this problem before? Regards, Mike

 

3 Replies

  • JG

    It looks like there is some process that inserts "; Secure" in the wrong place; it could be an existing incorrectly coded iRule that does this on the F5, or it's your backend app that does it.

     

  • I posted here to use the text format

    when HTTP_RESPONSE {
      # Walk every cookie that BIG-IP parsed out of the response
      foreach cookie [HTTP::cookie names] {
        set value [HTTP::cookie value $cookie]
        if { "" ne $value } {
          set testvalue [string tolower $value]
          set valuelen [string length $value]
          log local0. "Cookie found: $cookie = $value"
          # Append "; Secure" to the cookie value unless the value
          # already contains it (case-insensitive match)
          switch -glob -- "$testvalue" {
            "*;secure*" -
            "*; secure*" { }
            default { set value "$value; Secure" }
          }
          # Write the cookie back only when the value was extended
          if { [string length $value] > $valuelen } {
            log local0. "Replacing cookie $cookie with $value"
            HTTP::cookie value $cookie "${value}"
          }
        }
      }
    }
    
    • boneyard
      Doesn't directly seem to cause an issue. I would uncomment the log lines (log local0...) and see what the incoming value is; if it is already wrong before it hits the BIG-IP, you know that the BIG-IP isn't the cause.
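
Added example, not part of the original thread: a Python check for the before/after comparison suggested in the last reply, run over the two attribute strings quoted in the question. The function names and the well-formed CLEAN value are constructed for illustration.

```python
def audit_set_cookie(header_value):
    """Count bare Secure flags and 'Secure <text>' fragments in one Set-Cookie value."""
    parts = [p.strip() for p in header_value.split(";")]
    bare = sum(1 for p in parts if p.lower() == "secure")
    # A part such as "Secure 22:37:38 EDT" means "; Secure" was spliced into
    # another attribute's value (here the Expires date).
    spliced = [p for p in parts if p.lower().startswith("secure ")]
    return {"bare_secure": bare, "spliced": spliced}


def is_damaged(header_value):
    """True when Secure appears more than once or inside another attribute."""
    report = audit_set_cookie(header_value)
    return report["bare_secure"] > 1 or bool(report["spliced"])


def locate_fault(before_proxy, after_proxy):
    """Compare the value captured on the server side with the one the client received."""
    if is_damaged(before_proxy):
        return "backend"   # already wrong before it reached the load balancer
    if is_damaged(after_proxy):
        return "proxy"     # damage appeared between server and client
    return "none"


# The two attribute strings quoted in the question, verbatim.
SAMPLE_1 = ("Secure; Version=1; path=/;Expires=Tue Sep 25; Secure 22:37:38 EDT; "
            "Secure 2063;Max-Age=1576800000000; Secure")
SAMPLE_2 = ("Secure; Version=1; path=/;Expires=Thu, 01-Jan-1970 00:00:10; "
            "Secure GMT; Max-Age=0; Secure")
# Constructed well-formed value, standing in for a server-side capture.
CLEAN = "SID=abc123; Version=1; Path=/; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Max-Age=0"

if __name__ == "__main__":
    for sample in (SAMPLE_1, SAMPLE_2, CLEAN):
        print(audit_set_cookie(sample))
    print(locate_fault(CLEAN, SAMPLE_2))
```

Feed it the Set-Cookie value logged on the backend and the one seen in the browser for the same response; a "backend" result means the load balancer received the header already damaged.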