iRule : BIGipServer cookies HttpOnly generating Improper version errors

Hi,

after testing both TMOS v11.2.1 and TMOS v11.5.1HF10 I found the command

HTTP::cookie version  1

working under a specific condition only.

In v11.2.1 you may see an error message "Illegal argument (line 1)" in /var/log/ltm and clientside connection will be resetted by the virtual server.

In v11.5.1HF10 you may see no error message in /var/log/ltm and clientside connection will be resetted by the virtual server as well. The RST cause logged in the tcpdump (using options "-i 0.0:nnnp -s 0") is as follows:

rst_cause="[0x19a15c8:1288] {peer} iRule execution error"

In both cases no response will be delivered to the client. The command works fine as long as the cookie to be modified has at least an additional attribute. If the cookie just consists of name and value (with and without a trailing semi colon) you will observe the behavior described above.

If the cookie to be modified has additional attributes (i.e. "Path=;Domain=") the conversion works fine in both TMOS versions.

You can verify it by using the following iRule as reflector to force differently formatted cookies:

when HTTP_REQUEST {
    set my_content [subst {cookietest plaintext page}]
     set my_cookie [subst {myCookie42=value42;Domain=[getfield [HTTP::host] ":" 1];Path=[HTTP::path]}]
    set my_cookie [subst {myCookie42=value42}]
    set my_contype [subst {text/plain; charset=us-ascii}]

    HTTP::respond 200 content ${my_content} Set-Cookie ${my_cookie} Connection Close Content-Type ${my_contype}
}

The iRule above can be bound to an additional virtual server referenced by the command

virtual 

in your current iRule. Just play with the my_cookie variable for evaluation, please.

From my perspective it is a bug preventing us from using the

HTTP::cookie version

command.

In case you already have an open support case on the subject, please let us know.

Otherwise I will open one.

Thanks, Stephan