Forum Discussion
Brad_Parker
Feb 01, 2016Cirrus
Try using this iRule. It will not try to set secure or httponly if it is already set. What you are doing to manually changing the cookie payload without inspecting what is already there.
when HTTP_RESPONSE {
foreach mycookie [HTTP::cookie names] {
HTTP::cookie secure $mycookie enable
HTTP::cookie httponly $mycookie enable
}
}
- Brad_ParkerFeb 01, 2016CirrusApparently edit isn't working today. You probably also want to ensure your cookie is at least version 1 using this: when HTTP_RESPONSE { foreach mycookie [HTTP::cookie names] { HTTP::cookie version $myCookie 1 HTTP::cookie secure $mycookie enable HTTP::cookie httponly $mycookie enable } }
- MSK_222682Feb 01, 2016NimbostratusHi Brad, Thanks for the quick response. I shall update my iRule with above one and test again with the user. Also, do you think the presence of JSESSIONID in the server response cookie is causing the problem here ?? I'm of the impression that if server uses JESSIONID for maintaining persistence then we need a explicit iRule to support JESSIONID persistence and override the default persistence mechanism configured at pool level. Do let me know if my understanding is correct ? If so, I may have to create another iRule for this virtual server. Thanks, Sai
- Brad_ParkerFeb 01, 2016CirrusYou don't necessarily have to persist on JESSIONID, but if you want to you can using universal persistence. https://support.f5.com/kb/en-us/solutions/public/7000/300/sol7392.html
- MSK_222682Feb 02, 2016NimbostratusHi Brad, I have tried your iRule script but I see below error : > GET /wcc-web/login HTTP/1.1 > User-Agent: curl/7.19.7 (x86_64-redhat-linux-gnu) libcurl/7.19.7 NSS/3.18 Basic ECC zlib/1.2.3 libidn/1.18 libssh2/1.4.2 > Host: wcc-pst.dhl.com > Accept: */* > * SSL read: errno -5961 * Closing connection 0 curl: (56) SSL read: errno -5961 Not sure why it was throwing error pertaining to SSL. Any thoughts ? With regards to my problem, as I have explained below issue still persists. Could you please check my comments below explaining the current scenario. Thanks for sharing SOL7392, I would have a look at it. Regards, Sai
- MSK_222682Feb 03, 2016NimbostratusHi Brad, Have you got chance to look into this. Thanks in advance, Sai
- Brad_ParkerFeb 03, 2016CirrusYou mention an SSL error below. Do you have a client and/or server SSL profile attached to your VIP?
- MSK_222682Feb 04, 2016NimbostratusHi Brad, Client and Server profile are attached to VIP. Below error is received when I attach your iRule code. Coming back to the issue, it still persists although iRule (shared by Kai) removes the duplicate secure, httponly attributes.