Forum Discussion

Terje_Gravvold
Mar 29, 2012

HTTP::cookie - How can I handle cookies with duplicate names but different domain value?

I'm trying to set the HttpOnly value for a given cookie name/domain combination (BigIP v9.4). The backend servers (OpenSSO) create an authentication cookie that does not have this value set.

My problem is that OpenSSO sends out one cookie for each configured domain with the same cookie name but different domain value. I've created an iRule to set the HttpOnly value for a given cookie name, but it does not work with duplicate cookie names. With duplicate cookie names the command seems to give back only the first match.

It seems like the HTTP::cookie value command is missing a domain parameter... Any logic leading to setting the HttpOnly value for all cookies with name iPlanetDirectoryPro or a specific iPlanetDirectoryPro cookie would be acceptable.

 

 

iRule:

when HTTP_RESPONSE {
    set OPENSSO_COOKIE [HTTP::cookie value iPlanetDirectoryPro]
    if { $OPENSSO_COOKIE ne "" } {
        log local0. "Detected OpenSSO iPlanetDirectoryPro cookie with value $OPENSSO_COOKIE"
        log local0. "Secure parameter for OpenSSO iPlanetDirectoryPro cookie is [HTTP::cookie secure iPlanetDirectoryPro]"
        HTTP::cookie value iPlanetDirectoryPro "$OPENSSO_COOKIE; HttpOnly"
        log local0. "Setting new value for OpenSSO iPlanetDirectoryPro cookie, new value is [HTTP::cookie value iPlanetDirectoryPro]"
    }
}

 

 

I'm thankful for any help regarding this issue.

Best regards

Terje Gravvold

 

  • Hi Terje,

    I'd open a case on this to make a feature request for your scenario as I don't think there is a simple way to do this with existing HTTP::cookie commands for multiple cookies with the same name. You could also run into this with cookie paths for example.

    In the meantime, you could try modifying the Set-Cookie header(s) instead. You could use HTTP::header values Set-Cookie in 9.4.0 and higher to retrieve the values for each Set-Cookie header and then set the HttpOnly flag.

    Aaron
  • Hi Terje,

    If you do open a case on this, you can reference BZ368616 which notes a similar feature request.

    Aaron
  • If you don't mind setting the HttpOnly flag on all cookies then you can use this:

    when HTTP_RESPONSE {
       HTTP::header replace Set-Cookie [string map [list path "HttpOnly; path"] [HTTP::header Set-Cookie]]
    }

     

     

  • Nice idea Sashi. You would want to handle the possibility of multiple Set-Cookie response headers with something like:

    
    when HTTP_RESPONSE {
       set set_cookies [string map [list path "HttpOnly; path"] [HTTP::header values Set-Cookie]]
       # The response header is named Set-Cookie (singular)
       HTTP::header remove Set-Cookie
       HTTP::header insert Set-Cookie $set_cookies
    }
    

    Aaron
  • Actually, HTTP::header values returns the headers in a list. So you might need to join them with a semi-colon... here's another untested stab 🙂

    
    when HTTP_RESPONSE {
       set set_cookies [string map [list path "HttpOnly; path"] [HTTP::header values Set-Cookie]]
       # The response header is named Set-Cookie (singular)
       HTTP::header remove Set-Cookie
       HTTP::header insert Set-Cookie [join $set_cookies ";"]
    }
    

    Aaron
  • Nice, thanks! My solution is a bit more complex :). I will test your logic later.

    This also seems to work:

    
    when HTTP_RESPONSE {
     # Variables live for the whole connection, so clear entries left by an earlier response
     array unset CookieArray
     set CookieCounter 0
     foreach SetCookieHeader [HTTP::header values Set-Cookie] {
        incr CookieCounter
        log local0. "Saving Set-Cookie header value in array, index number = $CookieCounter, Value = $SetCookieHeader"
        set CookieArray("$CookieCounter") "$SetCookieHeader"
     }
     HTTP::header remove "Set-Cookie"
     log local0. "Removing Set-Cookie HTTP headers"
     foreach {Index Cookie} [array get CookieArray] {
        if { $Cookie contains "iPlanetDirectoryPro" } {
           # HTTP::header insert takes the header name followed by its value
           HTTP::header insert "Set-Cookie" "$Cookie; HttpOnly"
           log local0. "Inserting cookie - $Cookie; HttpOnly"
        } else {
           # else must follow the closing brace on the same line in Tcl
           HTTP::header insert "Set-Cookie" "$Cookie"
           log local0. "Inserting cookie - $Cookie"
        }
     }
    }
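
The original question asked for HttpOnly on one name/domain combination. As an added example (not code posted by anyone in this thread, and not tested on BIG-IP v9.4), the iRule below walks each Set-Cookie header separately, matches the cookie name exactly and the Domain attribute case-insensitively, and skips headers that already carry HttpOnly. The domain `.example.com` and the variable names are placeholders chosen for illustration.

```tcl
when HTTP_RESPONSE {
    # Cookie name is the one from the thread; the domain is a placeholder (assumption).
    set target_name   "iPlanetDirectoryPro"
    set target_domain [string tolower ".example.com"]

    # One list element per Set-Cookie response header.
    set headers [HTTP::header values "Set-Cookie"]
    if { [llength $headers] == 0 } { return }

    set rewritten [list]
    foreach hdr $headers {
        set is_target    0
        set has_domain   0
        set has_httponly 0
        set first        1

        # A Set-Cookie value is "name=value" followed by ";"-separated attributes.
        foreach attr [split $hdr ";"] {
            set attr [string trim $attr]
            if { $first } {
                set first 0
                # Exact name match, so "XiPlanetDirectoryPro" or a value that
                # merely contains the name is not rewritten.
                set pos [string first "=" $attr]
                if { $pos > 0 && [string range $attr 0 [expr {$pos - 1}]] eq $target_name } {
                    set is_target 1
                }
                continue
            }
            # Attribute names (and domains) are case-insensitive.
            set lower [string tolower $attr]
            if { $lower eq "httponly" } { set has_httponly 1 }
            if { $lower eq "domain=$target_domain" } { set has_domain 1 }
        }

        # Append the flag only to the chosen name/domain pair, and only once.
        if { $is_target && $has_domain && !$has_httponly } {
            append hdr "; HttpOnly"
        }
        lappend rewritten $hdr
    }

    # Re-emit every cookie as its own header; joining them into a single
    # header would merge separate cookies into one.
    HTTP::header remove "Set-Cookie"
    foreach hdr $rewritten {
        HTTP::header insert "Set-Cookie" $hdr
    }
}
```

To flag every iPlanetDirectoryPro cookie regardless of domain, drop the `$has_domain` condition from the final test.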