Forum Discussion
Masking cookie names from the server
The problem is that multiple "Set-Cookie"'s are in a single request, and when I do a [HTTP::cookie remove "Set-Cookie"], I'm clobbering a lot of other cookies. I imagine another potential problem is that I'm not always going to catch "sessionid" being set, because these functions operate only on the last "Set-Cookie" header.
The following code:
when HTTP_RESPONSE {
    # Log the count and values of all Set-Cookie headers when any of them mentions "sessionid"
    if { [HTTP::header values "Set-Cookie"] contains "sessionid" } {
        log local0. "Set-Cookie count: [HTTP::header count "Set-Cookie"]"
        log local0. "Set-Cookie value: [HTTP::header values "Set-Cookie"]"
    }
}
Produces the following output:
Dec 10 00:05:08 tmm tmm[2524]: Rule CookieMask2 : Set-Cookie count: 3
Dec 10 00:05:08 tmm tmm[2524]: Rule CookieMask2 : Set-Cookie value: {sessionid=; path=/; expires=Thu, 01-Jan-1970 00} 00 {00 GMT} {cadata=; path=/; expires=Thu, 01-Jan-1970 00} 00 {00 GMT} {BIGipServerPool_Exchange=2689860106.20480.0000; path=/}
Dec 10 00:05:18 tmm tmm[2524]: Rule CookieMask2 : Set-Cookie count: 3
Dec 10 00:05:18 tmm tmm[2524]: Rule CookieMask2 : Set-Cookie value: {sessionid=1b36c39b-2ae6-42cb-86b1-db030e2e65fe; path=/} {cadata="seeminglyrandomstringbutsanitizedjustincase="; HttpOnly; path=/} {sessionid=1b36c39b-2ae6-42cb-86b1-db030e2e65fe; path=/; path=/}
Which I believe proves this to be true. Also note that the first "sessionid" cookie is split up funny, which is preventing a pretty simple fix to this problem in my mind.
So, I don't believe I have the tools necessary with HTTP::header and HTTP::cookie to fix this. I see no way to nicely "step through" headers with duplicate names. Hoping someone can chime in on that.
