MSK_222682
Feb 01, 2016 · Nimbostratus
Multiple Secure and HttpOnly attributes seen for cookie
Hi,
I ran a curl command from a Linux machine to a URL (on HTTPS) which is hosted on our BIG IP LTM. This virtual server has been set to add Secure, HttpOnly attributes to the cookie.
However, I see the below response from BIG IP (in the HTTP response):
< Set-Cookie: JSESSIONID=3D7E79C494B64F4EB8D2D4FF862AFB0C; Path=/wcc-web/; Secure; HttpOnly; Secure; HttpOnly
< Set-Cookie: BIGipServerpl_wcc-pst.dhl.com_8443=1369786533.64288.0000; expires=Mon, 01-Feb-2016 07:56:08 GMT; path=/; Secure; HttpOnly
As seen above, there are two Set-Cookie headers, and in the JSESSIONID Set-Cookie we can see Secure and HttpOnly twice.
The issue here is that the end user is able to log in to the URL in question successfully, but after that the page redirects to the same page on entering the details, and therefore it's not working as expected. This application hosted on BIGIP LTM load balances two backend servers.
The application works as expected when the user tests by accessing the backend servers directly. I have a feeling that this issue is because of the JSESSIONID that is being sent by the server in the cookie, but I may be wrong.
Please provide some pointers to troubleshoot this further.
Thanks,
Sai
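
A check for the symptom described in the post above, as an added example that is not part of the original post: it parses the Set-Cookie lines from the quoted curl output and reports, per cookie, which attributes are repeated and which of Secure/HttpOnly are absent. The function names are hypothetical; running the same audit against each backend directly (an assumption about the next step, not something the post shows) would indicate where each attribute is being added.

```python
from collections import Counter

# Response header lines copied from the curl output quoted in the post.
SAMPLE = """\
< Set-Cookie: JSESSIONID=3D7E79C494B64F4EB8D2D4FF862AFB0C; Path=/wcc-web/; Secure; HttpOnly; Secure; HttpOnly
< Set-Cookie: BIGipServerpl_wcc-pst.dhl.com_8443=1369786533.64288.0000; expires=Mon, 01-Feb-2016 07:56:08 GMT; path=/; Secure; HttpOnly
"""

REQUIRED = {"secure", "httponly"}


def parse_set_cookie(line):
    """Return (cookie_name, [lowercased attribute names]) or None."""
    line = line.lstrip("< ").strip()          # drop curl's "< " prefix
    header, sep, value = line.partition(":")
    if not sep or header.strip().lower() != "set-cookie":
        return None
    parts = [p.strip() for p in value.split(";") if p.strip()]
    if not parts:
        return None
    name = parts[0].partition("=")[0]          # first pair is name=value
    # Attribute names are case-insensitive (Path vs path), so normalise.
    attrs = [p.partition("=")[0].strip().lower() for p in parts[1:]]
    return name, attrs


def audit(text):
    """Map cookie name -> duplicated attributes and missing required ones."""
    report = {}
    for line in text.splitlines():
        parsed = parse_set_cookie(line)
        if parsed is None:
            continue
        name, attrs = parsed
        counts = Counter(attrs)
        report[name] = {
            "duplicated": sorted(a for a, n in counts.items() if n > 1),
            "missing": sorted(REQUIRED - set(counts)),
        }
    return report


if __name__ == "__main__":
    for cookie, result in audit(SAMPLE).items():
        print(cookie, result)
```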