Forum Discussion

Madiw_114772's avatar
Madiw_114772
Icon for Nimbostratus rankNimbostratus
Mar 17, 2017

issues to set cookie with IE only

Hi, I'm experiencing an issue to set cookie in IE with the iRule below. Everything works fine with Firefox as the cookie is created but with IE, the user gets stuck in the redirection page and cannot access the application after retyping the URL . With my testing, I found that when cookie value is set to «1» or «true», IE refuses systematically to create a cookie, with a different value it has worked once but the not anymore. Any help would be appreciated.

 

Here is the iRule

 

when HTTP_REQUEST { if { [SSL::cipher version] eq "TLSv1" } { if { not ( [HTTP::cookie exists TLSDISABLE] ) } { set expires "28800" HTTP::respond 302 Location "; "Set-Cookie" "TLSDISABLE=good; path=/; expires=$expires; secure; httponly" } } }

 

application delivery
LTM
  • Jeremy_Church_3's avatar
    Jeremy_Church_3
    Mar 17, 2017

    Dakar,

    The Expires attribute in a cookie is not supposed to be an integer.

    You can check this in RFC 6265.

    I haven't tested this code, but I believe it is closer to what you're looking for.

     

    when HTTP_REQUEST {
    if { [SSL::cipher version] eq "TLSv1" } {
        if { not ( [HTTP::cookie exists TLSDISABLE] ) } {
            set expires [clock format [expr { [clock seconds] + 28800 } ] -format "%a, %d-%b-%Y %T GMT" -gmt 1]
            HTTP::respond 302 Location "http://page.abc.com/sslwarning.html" "Set-Cookie" "TLSDISABLE=good; path=/; Expires=${expires}; Secure; HttpOnly"
        }
    }
}

     

    The Expires attribute would look something like this Expires=Sat, 18-Mar-2017 05:32:54 GMT

  • Jeremy_Church_3's avatar
    Jeremy_Church_3
    Icon for Cirrus rankCirrus
    Mar 17, 2017

    Dakar,

    The Expires attribute in a cookie is not supposed to be an integer.

    You can check this in RFC 6265.

    I haven't tested this code, but I believe it is closer to what you're looking for.

     

    when HTTP_REQUEST {
    if { [SSL::cipher version] eq "TLSv1" } {
        if { not ( [HTTP::cookie exists TLSDISABLE] ) } {
            set expires [clock format [expr { [clock seconds] + 28800 } ] -format "%a, %d-%b-%Y %T GMT" -gmt 1]
            HTTP::respond 302 Location "http://page.abc.com/sslwarning.html" "Set-Cookie" "TLSDISABLE=good; path=/; Expires=${expires}; Secure; HttpOnly"
        }
    }
}

     

    The Expires attribute would look something like this Expires=Sat, 18-Mar-2017 05:32:54 GMT

    • Madiw_114772's avatar
      Madiw_114772
      Icon for Nimbostratus rankNimbostratus
      Mar 18, 2017

      Jeremy, Thank you for your quick answer. Your suggestion seems to be working correctly. I will just observe the behavior in 8 hours, in case....

       

    • Jeremy_Church_3's avatar
      Jeremy_Church_3
      Icon for Cirrus rankCirrus
      Mar 18, 2017

      Dakar,

       

      Glad to hear it's working so far. I'm interested in knowing how how it turns out.

       

      If you didn't find it already there was a typo in the iRule above before I updated the answer. There was a semi-colon after the URL in the Location header value.

       

    • Madiw_114772's avatar
      Madiw_114772
      Icon for Nimbostratus rankNimbostratus
      Mar 18, 2017

      Jeremy,

       

      I tested today and everything works fine.

       

      Thank you very much