Forum Discussion

Nimbostratus

10 years ago

Multiple Secure and HttpOnly attributes seen for cookie

Hi, I ran a curl command from a linux machine to a URL (on https) which is hosted on our BIG IP LTM. This virtual server has been set to add Secure, HttpOnly attributes to the cookie. However, I s...

Nacreous

10 years ago

Try using this iRule. It will not try to set secure or httponly if it is already set. What you are doing to manually changing the cookie payload without inspecting what is already there.

when HTTP_RESPONSE {
    foreach mycookie [HTTP::cookie names] {
        HTTP::cookie secure $mycookie enable
        HTTP::cookie httponly $mycookie enable
    }
}

https://devcentral.f5.com/wiki/iRules.HTTP__cookie.ashx

Brad_Parker_139

Nacreous

10 years ago

You don't necessarily have to persist on JESSIONID, but if you want to you can using universal persistence. https://support.f5.com/kb/en-us/solutions/public/7000/300/sol7392.html

Forum Discussion

Multiple Secure and HttpOnly attributes seen for cookie

Tyler - May 2026 Featured Member

AppWorld Berlin 2026 – iRules Contest Winning Results

One Quick Step to Make your website AI-Agent/MCP Ready with an iRule

Recent Discussions

version 21.1 ACME setup for certificate renewal with Digicert

F5 BIGIP & XC certbot plugin

Use F5 APM as Forward Proxy

Question about source persistence across traffic group

OpenID Connect as Client and Resource server

Related Content

Using n8n To Orchestrate Multiple Agents

Multiple value seperator in saml Attribute

How to add Httponly and Secure attributes to HTTP cookies (for 11.5.x)

AD Authentication using multiple user attributes

Lightboard Lessons: HTTP Cookie SameSite Attribute