HTTP::cookie httponly enable doesn't seem to do anything
On the wiki, it says this is for v11 only, but it seems to be recognized. Also, there's no more information about this command on the wiki http://devcentral.f5.com/wiki/iRules.HTTP__cookie.ashx
This is an application that can be accessed through two different URLs and I want to set the path and add secure an httponly attributes.
The iRule is hte following:
when CLIENT_ACCEPTED {
set add_persist 1
set cookie_path "/"
}
when HTTP_REQUEST {
if { [HTTP::cookie exists "JSESSIONID"] } {
persist uie [HTTP::cookie "JSESSIONID"]
} else {
set jsess [findstr [HTTP::uri] "jsessionid" 11 ";"]
if { $jsess != "" } {
persist uie $jsess
}
}
switch -glob [HTTP::path] {
"/url1*" {
set cookie_path "/url1"
}
"/url2*" {
set cookie_path "/url2"
}
}
}
when HTTP_RESPONSE {
if { [HTTP::cookie exists "JSESSIONID"] and $add_persist } {
HTTP::cookie path "JSESSIONID" $cookie_path
HTTP::cookie secure "JSESSIONID" enable
HTTP::cookie httponly enable
persist add uie [HTTP::cookie "JSESSIONID"]
set add_persist 0
}
}
The Set-Cookie does not add httponly, just secure and path.
Any ideas on how to enable httponly this way? Or should I generate the Set-Cookie header directly?