Forum Discussion

Kevin_Stewart's avatar
Kevin_Stewart
Icon for Employee rankEmployee
May 12, 2014

There are a few important reasons why the above doesn't work.

  1. Most important, the domain and path attributes of a cookie are only available in the Set-Cookie header, and then only available in an HTTP response. There's no way to tell what those values are in the request.

  2. I've seen this functionality change a few times over the years, but in general:

    • The HTTP::header command will only return the name of the last Set-Cookie header.

    • The HTTP::cookie command will only return the first cookie value if two cookies have the same name.

For this reason, I've taken a significantly more manual, brute force approach. In the following iRule I'm inspecting the raw response TCP payload for the METRICS Set-Cookie data:

when SERVER_CONNECTED {
    TCP::collect
}
when SERVER_DATA {
    if { [TCP::payload] contains "Set-Cookie: METRICS=" } {

         grab the start/end indices of all METRICS Set-Cookie headers
        set indices [regexp -all -inline -indices {Set-Cookie: METRICS=[^>]+?\n} [TCP::payload]]

         loop through the Set-Cookie indices
        foreach idx $indices {

             find the start and length of each METRICS Set-Cookie header
            set start [lindex $idx 0]
            set len [expr { [lindex $idx 1] - $start + 1 }]

             if the METRICS Set-Cookie header contains the specified domain attribute
            if { [string range  [TCP::payload] $start [lindex $idx 1]] contains "domain=domain.com" } {

                 find the start, end, and length of the expires property inside this Set-Cookie header
                set expires [regexp -all -inline -indices {expires=[^>]+?;} [string range [TCP::payload] $start [lindex $idx 1]]]
                foreach exp $expires {
                    set newstart [lindex $exp 0]
                    set newend [lindex $exp 1]
                }               
                set newstart [expr { $start + $newstart }]
                set newend [expr { $start + $newend }]
                set newlen [expr { $newend - $newstart + 1 }]

                 replace this expires property inside the TCP payload
                set datestring [clock format "1388534400" -format "%a, %d-%b-%Y %T GTM" -gmt TRUE]
                TCP::payload replace $newstart $newlen "expires=${datestring};"
            }
        }
    }

     release the payload
    TCP::release
}