Forum Discussion
Jeff_Brinkerho1
Nimbostratus
NimbostratusiRule needed to clear specific cookies from particular domain
Recently we moved our peoplesoft system to a subdomain of our DNS space. So instead of all our VIPs being for example, prod.abc.com they are now prod.ps.abc.com
Peoplesoft uses a cookie for sing...
Stanislas_Piro2
Cumulonimbus
CumulonimbusHi,
the HTTP::cookie remove command on HTTP_RESPONSE event does not remove cookie on client browser but only on the answer. if the browser does not receive cookie update, it will not remove it.
to force removal of cookie on client browser, you need to force expiration of it by changing the expiration date:
when HTTP_REQUEST {
if {[HTTP::cookie exists "PS_TOKEN"] {
HTTP::respond 302 noserver Location "https://[HTTP::host][HTTP:uri]" Connection close Set-Cookie "PS_TOKEN=deleted;secure;expires=Thu, 01 Jan 1970 00:00:00 GMT"
}
}
or
when HTTP_RESPONSE {
if {[HTTP::cookie exists "PS_TOKEN"] {
if {HTTP::cookie domain "PS_TOKEN" contains "abc.com"}{
HTTP::cookie remove "PS_TOKEN"
HTTP::header insert Set-Cookie "PS_TOKEN=deleted;secure;expires=Thu, 01 Jan 1970 00:00:00 GMT"
}
}
}