Forum Discussion

MDPF52_180608's avatar
MDPF52_180608
Icon for Nimbostratus rankNimbostratus
May 27, 2015

iRule delete cookie in HTTP REQUEST

Hello Community,

 

I'm facing in issue with the HTTP::respond 302 with a cookie removal. After the logout procedure i can see a blank page without any redirect, maybe the syntax is wrong. Can anyone help me?

 

Below you can find the code:

 

when HTTP_REQUEST { set redirect https://domainsite.com/vdesk/hangup.php3 set content "Location $redirect Set-Cookie \"ASP.NET_SessionId=;path=/; HttpOnly; domain=domainsite.com; Expires=Thu, 01-Jan-1970 00:00:00 GMT\""

 

if { [HTTP::uri] contains "logout.xxx" } {

 

HTTP::respond 302 $content

 

} }

 

Thanks in advance,

 

Best Regards,

 

M.

 

application delivery
BIG-IP Access Policy Manager (APM)
LTM
security

8 Replies

  • Michael_Jenkins's avatar
    Michael_Jenkins
    Icon for Cirrostratus rankCirrostratus
    May 27, 2015

    Have you tried adding logging to the ltm log (/var/log/ltm) to see if you ever get to the redirect? Also, if you use Fiddler (Windows) or something like the built in network monitor on Chrome or Firefox, what kind of response do you see from the page request? 

    when HTTP_REQUEST {
    set redirect https://domainsite.com/vdesk/hangup.php3 
    log local0. "URI: '[HTTP::uri]'"
    if { [HTTP::uri] contains "logout.xxx" } {
        log local0. "  Redirecting to '$redirect'"
        HTTP::respond 302 Location $redirect "Set-Cookie" "ASP.NET_SessionId=;path=/; HttpOnly; domain=domainsite.com; Expires=Thu, 01-Jan-1970 00:00:00 GMT"            
    }
}
  • Walter_Kacynski's avatar
    Walter_Kacynski
    Icon for Cirrostratus rankCirrostratus
    May 27, 2015

    I personally have not had any luck using 

    HTTP::respond 302 $content
    and the syntax that Michael J has used is what works for me.

  • nitass_89166's avatar
    nitass_89166
    Icon for Noctilucent rankNoctilucent
    Jun 01, 2015

    the cookie still remains on the browser, how is it possibile? ( Session cookie with the HTTP flag = true & No secure flag)

     

    did you see browser sending the session cookie in subsequent request?

     

    • MDPF52_180608's avatar
      MDPF52_180608
      Icon for Nimbostratus rankNimbostratus
      Jun 01, 2015
      Hello nitass, Yes i see the session cookie in the subsequent request. Thanks. M.
    • nitass_89166's avatar
      nitass_89166
      Icon for Noctilucent rankNoctilucent
      Jun 01, 2015
      are you using http analyzer tool e.g. httpwatch, httpfox? can you post http analyzer screenshots showing redirection with expired cookie and subsequent request with the cookie?
  • nitass's avatar
    nitass
    Icon for Employee rankEmployee
    Jun 01, 2015

    the cookie still remains on the browser, how is it possibile? ( Session cookie with the HTTP flag = true & No secure flag)

     

    did you see browser sending the session cookie in subsequent request?

     

    • MDPF52_180608's avatar
      MDPF52_180608
      Icon for Nimbostratus rankNimbostratus
      Jun 01, 2015
      Hello nitass, Yes i see the session cookie in the subsequent request. Thanks. M.
    • nitass's avatar
      nitass
      Icon for Employee rankEmployee
      Jun 01, 2015
      are you using http analyzer tool e.g. httpwatch, httpfox? can you post http analyzer screenshots showing redirection with expired cookie and subsequent request with the cookie?