Forum Discussion
CirrocumulusIdentify a cookie based on domain and then remove it from the request?
Is there a way to identify a specific cookie based on the domain setting is has and then have it removed from the request?
The problem is that the client has 2 cookies named MHRSession, one with domain.com and one with site1.domain.com. The problems is that the one containing domain.com gets sent and breaks the login as it´s used for SSO. So what i want to do is to identify it based on the domain it contains and then remove it.
Thanks.
5 Replies
kimhenriksenWe have tested something like this: when CLIENT_ACCEPTED { ACCESS::restrict_irule_events disable log local0. "[IP::remote_addr] Removed domain.com cookie" } when HTTP_RESPONSE { if {[HTTP::cookie exists "MRHSession"] { if {HTTP::cookie domain "MRHSession" contains "domain.com"}{ HTTP::cookie remove "MRHSession" } } } The problem is that it seems to remove the cookie named MRHSession that contains site1.domain.com as well... or at least breaks the authentication in some way.
IanBEmployee
You said 'contains' domain.com, and clearly 'site1.domain.com' also contains 'domain.com', and so it would match that. Perhaps you want to change 'contains' to 'equals' ?- kimhenriksenIs that possible? Ok, I´ll have to try that right away!
It would be better to fix the problem that causes the client to get the conflicting cookies in the first place, rather than trying to remove the conflicting ones after the fact. APM's cookie domain setting can be easily modified in the Access Profile settings.
If you want to modify the responses from APM for some reason though, you should use "HTTP_RESPONSE_RELEASE" (about to egress the response to the client) rather than "HTTP_RESPONSE" (ingressed the response from the server).
- kimhenriksenThat did not work, but it would be something else in the irule that doesnt work.
