Forum Discussion

istockchris_390's avatar
istockchris_390
Icon for Nimbostratus rankNimbostratus
Dec 08, 2010

Masking cookie names from the server

I have fighting sessionID cookies from two different applications. One uses a subdomain, the other uses the root domain. My work around idea is to hide the cookie using the root domain from the appli...
application delivery
dev
devops
iRules
hooleylist's avatar
hooleylist
Icon for Cirrostratus rankCirrostratus
Dec 09, 2010
Hi,

 

 

A stream profile applied to a VS with an HTTP profile will only affect the HTTP request and response payloads. Cookies in the request are just name=value pairs. The client won't include cookie properties that the server set like the path or domain.

 

 

So can you differentiate between the cookies just based on the value? If so, would you want to rename the "wrong" session cookie name? Or would you just want to remove it from requests that are proxied to the pool? You can remove a cookie using HTTP::cookie remove. But I'm not sure how HTTP::cookie remove will handle two cookies with the same name. It might remove the last cookie (or both!). You could save the cookie value that you want, remove all cookies with that name and then insert the correct value again. This assumes that you can determine the correct cookie value though.

 

 

Aaron