Forum Discussion
Terje_Gravvold
Nimbostratus
NimbostratusHTTP::cookie - How can I handle cookies with duplicate names but diffrent domain value?
I'm trying to set HttpOnly value for a given cookie name/domain combination (BigIP v9.4). The backend servers (OpenSSO) creates a authentication cookie that does not have this value set.
My problem is that OpenSSO sends out one cookie for each configured domain with the same cookie name but diffrent domain value. I've created an iRule to set the HttpOnly value for a given cookie name, but it does not work with duplicate cookie names. With duplicate cookie names the command seem to give back only the first match.
It seems like the HTTP::cookie value command is missing a domain parameter... Any logic leeding to setting the HttpOnly value for all cookies with name iPlanetDirectoryPro or a specific iPlanetDirectoryPro cookie would be acceptable.
iRule:
when HTTP_RESPONSE {
set OPENSSO_COOKIE [HTTP::cookie value iPlanetDirectoryPro]
if { $OPENSSO_COOKIE ne "" } {
log local0. "Detected OpenSSO iPlanetDirectoryPro cookie with value $OPENSSO_
COOKIE"
log local0. "Secure parameter for OpenSSO iPlanetDirectoryPro cookie is [HTTP
::cookie secure iPlanetDirectoryPro]"
HTTP::cookie value iPlanetDirectoryPro "$OPENSSO_COOKIE; HttpOnly"
log local0. "Setting new value for OpenSSO iPlanetDirectoryPro cookie, new va
lue is [HTTP::cookie value iPlanetDirectoryPro]"
}
}
I'm thankfull for any help regarding this issue.
Best regards
Terje Gravvold
6 Replies
hoolioCirrostratus
Hi Terje,
I'd open a case on this to make a feature request for your scenario as I don't think there is a simple way to do this with existing HTTP::cookie commands for multiple cookies with the same name. You could also run into this with cookie paths for example.
In the meantime, you could try modifying the Set-Cookie header(s) instead. You could use HTTP::header values Set-Cookie in 9.4.0 and higher to retrieve the values for each Set-Cookie header and then set the HttpOnly flag.
Aaron- hoolioHi Terje,
If you do open a case on this, you can reference BZ368616 which notes a similar feature request.
Aaron 
Sashi_81625if you dont mind setting HttpOnly flag to all cookies then u can use this
when HTTP_RESPONSE {
HTTP::header replace Set-Cookie [string map [list path "HttpOnly; path"] [HTTP::header Set-Cookie]]
}- hoolioNice idea Sashi. You would want to handle the possibility multiple Set-Cookie response headers with something like:
when HTTP_RESPONSE { set set_cookies [string map [list path "HttpOnly; path"] [HTTP::header values Set-Cookie]] HTTP::header remove Set-Cookies HTTP::header insert Set-Cookies $set_cookies }
Aaron - hoolioActually, HTTP::header values returns the headers in a list. So you might need to join them with a semi-colon... here's another untested stab 🙂
when HTTP_RESPONSE { set set_cookies [string map [list path "HttpOnly; path"] [HTTP::header values Set-Cookie]] HTTP::header remove Set-Cookies HTTP::header insert Set-Cookies [join $set_cookies ";"] }
Aaron 
Terje_GravvoldNice, thanks! My solution is a bit more complex :). I will test your logic later.
This also seems to work:when HTTP_RESPONSE { set CookieCounter 0 foreach SetCookieHeader [HTTP::header values Set-Cookie] { incr CookieCounter log local0. "Saving Set-Cookie header value in array, index number = $CookieCounter, Value = $SetCookieHeader" set CookieArray("$CookieCounter") "$SetCookieHeader" } HTTP::header remove "Set-Cookie" log local0. "Removing Set-Cookie HTTP headers" foreach {Index Cookie} [array get CookieArray] { if { $Cookie contains "iPlanetDirectoryPro" } { HTTP::header insert "$Cookie; HttpOnly" log local0. "Inserting cookie - $Cookie; HttpOnly" } else { HTTP::header insert "$Cookie" log local0. "Inserting cookie - $Cookie" } } }
![\"F5](\"https://www.f5.com/content/dam/f5/f5-logo.svg\"){kind=logo}