HTTPOnly "attribute and secure "attribute

Question

Hello everyone&nbsp;
The report of my scan shows us the following errors:
- "The cookie does not contain the" HTTPOnly "attribute."
- "The cookie does not contain the" secure "attribute."
I added the following irula that works very well:
when HTTP_RESPONSE {
foreach mycookie [HTTP :: cookie names] {
HTTP :: cookie secure $ mycookie enable
}
}&nbsp;
But when I try to write the script secure cookie + httponly:
when HTTP_RESPONSE {
foreach mycookie [HTTP :: cookie names] {
HTTP :: cookie secure $ mycookie enable
HTTP :: httponly cookie $ mycookie enable
}
}&nbsp;
I have an error, can you help me?&nbsp;

lee_sutcliffe · Answer

Hi, looks to be a typo, try this:
HTTP_RESPONSE { 
    foreach mycookie [HTTP::cookie names] { 
        HTTP::cookie secure $mycookie enable 
        HTTP::cookie httponly $mycookie enable 
        } 
}

srini_87152 · Answer

if you running 12.x version,default you have option enable these on cookie level.&nbsp;
Thx
Srini&nbsp;

Forum Discussion

HTTPOnly "attribute and secure "attribute

Recent Discussions

Which process is consuming higher CPU

F5 Health Monitor Receive String as JSON

Background Tasks

SSL bridging without SSL proxy forward

Big-IP VE edition for MacBook M4 Chip

Related Content

Insert "samesite = none" attribute in an existing iRule

How to use rest api to get the "Availability" attribute value of virtual server member without knowing its pool name

Cookie Does Not Contain The "secure" Attribute on ltm vip

The cookie does not contain the "HTTPOnly" attribute.

iRule for RADIUS "calling station ID" attribute 31 (persistence)

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS