Forum Discussion

Nimbostratus

Dec 15, 2011

Mark cookie as secure

We have 2 virtual servers for an IIS site, one for http and the other for https, but they use the same pool on port 80. Is there a way to mark all of session cookies leaving the https VS as secure s...

Nimbostratus

Dec 15, 2011

Hi DaveC,

Sure, you can do that. Try this:


when HTTP_RESPONSE {
set cookies [HTTP::cookie names]
 Loop through each cookie by name in request
foreach aCookie $cookies {
 Replace cookie name from list and set Secure Flag to Enable
HTTP::cookie secure $aCookie enable
}
}

Hope this helps.

Recent Discussions

Under Attack? F5 Will Help You.
Contacting F5 Support?

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

Forum Discussion

Mark cookie as secure

Recent Discussions

Can you set Kerberos AAA server via session variable?

HTML Code injection Not detected by ASM

What will be happen to live and existing connections when failover HA BIG IP active-standby

SSL Offload and remove FQDN

High CPU utilization (100%).

Related Content

F5 Security Podcasts

Remove Quotation marks

Certifications for security professionals

API security

Re: SYN Cookie operation

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS