Forum Discussion
Aaron_Magruder_
Nimbostratus
NimbostratusInsert Cookie for a different domain
Is it possible to insert a cookie for domain xyz.domain.com when a customer visits abc.domain.com, then redirect them to xyz.domain.com?
When the customer gets redirected, I would like to have the BigIP look for the cookie that I inserted when they visited abc.domain.com. If the cookie exists, use pool xyz, if not redirect them to abc.domain.com to get a cookie.
Here is what I have come up with so far, but the cookie insertion isn't working. I am getting redirected back and forth between web sites.
Thanks for any assistance.
VS abc
rule abc_redirect
VS xyz
rule xyz1
rule abc_redirect {
when CLIENT_ACCEPTED {
set ckname xyz
set ckvalue [IP::client_addr]
set ckdomain xyz.domain.com
}
when HTTP_REQUEST {
HTTP::cookie insert name $ckname value $ckvalue path / domain $ckdomain
HTTP::redirect "https://xyz.domain.com"
}
rule xyz1
when CLIENT_ACCEPTED {
set ckname xyz
set ckvalue [IP::client_addr]
set ckdomain xyz.domain.com
}
when HTTP_REQUEST {
if {[HTTP::cookie exists $ckname]} {
HTTP::cookie remove $ckname
pool xyz
}
else {
HTTP::redirect "https://abc.domain.com"
}
}
- Are you seeing the Set-Cookie being sent back as a response on the wire? I suspect that your user agent might be rejecting the cookies because the host name of the Set-Cookie is different that the current host name. In another words, I don't think you are allowed to do a Set-Cookie abc.domain.com from 123.domain.com.
Its hard to tell what you are trying to do exactly, but would it be possible to put information about the domains that you visited inside the cookies instead of playing games with the domain values? If so, you should set the domain to ".domain.com.". Hope that helps. 
Aaron_Magruder_No I don't see the cookie being sent back. It doesn't appear that my syntax is correct or that the BigIP won't send a cookie for a different domain.
To give more detail on our issue:
We have two 3DNS controllers and two pairs of BigIP's in two datacenters. We need to persist customers to one datacenter. Our TTL's on the wide IP's are 30 seconds to provide fast failover in the event of a datacenter failure. We use LDNS persistence on the 3dns. This works great except for the ISP who load balancer their dns servers. Each ldns server may get a persisted to a different datacenter. When the user queries their ldns, they are getting different answers and getting forwarded to different datacenters.
We would like the user to go to aac.domain.com, get a cookie for aac1.domain.com or aac2.domain.com, depending on what datacenter they are in. Once they get the cookie, they will be redirected to either aac1 or aac2, depending on what datacenter they are in. When the contact aac1 or aac2.domain.com, the BigIP will check to see if a cookie is present. If not, they will be redirected to aac.domain.com.
This is an attempt to keep customers from book marking aac1 or aac2.domain.com. If they bookmark on a datacenter, load balancing is diminished or that datacenter may not be available.
Any idea if the BigIP will allow you to inject a cookie for a domain that you are not currently visiting?- Perhaps you mean to latch the HTTP_RESPONSE event instead of HTTP_REQUEST?
- Aaron_Magruder_I have tried that too. I don't see the cookie being injected during a trace. I tried inserting a cookie by the persist and HTTP::cookie insert methods.
when CLIENT_ACCEPTED {
set ckname acc1
set ckvalue [IP::client_addr]
set ckdomain acc1.domain.com
}
when HTTP_RESPONSE {
persist cookie insert acc1.domain.com
HTTP::cookie insert name $ckname value $ckvalue path / domain $ckdomain
HTTP::redirect "http://acc1.domain.com"
} - The HTTP::redirect short-circuits the response and prevents the cookie from being inserted. This affects the explicit cookie insert as well as cookie persistence. However, you can accomplish what you're trying to do with the HTTP::respond command if you add the Set-Cookie header manually.
- Here is an example ...
set cookie [format "%s=%s; path=/; domain=%s" $ckname $ckvalue $domain] HTTP::respond 301 "Set-Cookie" $cookie
The HTTP respond command is more general and lets you specify the http headers or even content to be sent as a response. Hopefully this will do the trick. - Aaron_Magruder_Thanks. I figured out the location field, got the cookie inserted based on your syntax and the redirect is working.
The cookie isn't being presented to the new site. I am trying to figure out the expires or maxage syntax so that I shows up in my Cookies folder in Windows. I think once this is done, problem solved.
Thanks for your help. - Aaron_Magruder_I had the ckname and ckdomain set incorrectly. After correcting this issue, the redirect works. If the cookie is not presented to aac1, you are redirected back to aac to get a cookie.
Thanks for your help.
when CLIENT_ACCEPTED {
set ckname acc1
set ckvalue [IP::client_addr]
set ckdomain domain.com
set cookie [format "%s=%s; path=/; domain=%s" $ckname $ckvalue $ckdomain]
}
when HTTP_RESPONSE {
HTTP::respond 302 Location "http://acc1.domain.com" "Set-Cookie" $cookie
}
rule aac1
when CLIENT_ACCEPTED {
set ckname acc1
set ckvalue [IP::client_addr]
set ckdomain domain.com
}
when HTTP_REQUEST {
if {[HTTP::cookie exists $ckname]} {
pool Shared-172-29-98-77
}
else {
HTTP::redirect "http://acc.domain.com"
}
}
