Forum Discussion
Order of cookies
- Nov 13, 2022
Hi EduardoSousa,
you somehow did not mention in which direction you want to reverse the cookie order. From BIG-IP to browser, or from BIG-IP to backend server. Hence I presumed you want to reverse the order from BIG-IP to backend server.
Here is my iRule:
when HTTP_REQUEST_RELEASE { # Remove Cookie by name HTTP::cookie remove "BIGCookie" # Reverse order of Cookies if { [HTTP::header exists Cookie] } { set cookie_rev {} set values [split " [HTTP::header Cookie]" ";"] set i [llength $values] while {$i} {lappend cookie_rev [lindex $values [incr i -1]]} set cookie_fini [join $cookie_rev ";"] HTTP::header replace Cookie "$cookie_fini" unset cookie_fini unset cookie_rev } }
Browser to BIG-IP:
BIG-IP to backend server
BIGCookie is removed, order is reversed.Does this solve your issue?
Note: The order of cookies usually should not be an issue. In my opinion reversing the order is not required. Maybe you can explain us, why you have this requirement?
KR
Daniel
Hi EduardoSousa,
you somehow did not mention in which direction you want to reverse the cookie order. From BIG-IP to browser, or from BIG-IP to backend server. Hence I presumed you want to reverse the order from BIG-IP to backend server.
Here is my iRule:
when HTTP_REQUEST_RELEASE {
# Remove Cookie by name
HTTP::cookie remove "BIGCookie"
# Reverse order of Cookies
if { [HTTP::header exists Cookie] } {
set cookie_rev {}
set values [split " [HTTP::header Cookie]" ";"]
set i [llength $values]
while {$i} {lappend cookie_rev [lindex $values [incr i -1]]}
set cookie_fini [join $cookie_rev ";"]
HTTP::header replace Cookie "$cookie_fini"
unset cookie_fini
unset cookie_rev
}
}
Browser to BIG-IP:
BIG-IP to backend server
BIGCookie is removed, order is reversed.
Does this solve your issue?
Note: The order of cookies usually should not be an issue. In my opinion reversing the order is not required. Maybe you can explain us, why you have this requirement?
KR
Daniel
- Daniel_WolfNov 13, 2022MVP
Daniel_Wolf wrote:Note: The order of cookies usually should not be an issue. In my opinion reversing the order is not required. Maybe you can explain us, why you have this requirement?
For the sake of completeness - how did I come up with this opinion:
- HTTP State Management Mechanism
Although cookies are serialized linearly in the Cookie header, servers SHOULD NOT rely upon the serialization order. In particular, if the Cookie header contains two cookies with the same name (e.g., that were set with different Path or Domain attributes), servers SHOULD NOT rely upon the order in which these cookies appear in the header. - portswigger.net - Duplicate cookies set
- JRahmNov 14, 2022Admin
and the RFC in support of that as well on field order with HTTP...if Daniel_Wolf's response was helpful to you, can you mark it as solved, EduardoSousa? Thanks...Jason
- HTTP State Management Mechanism
Recent Discussions
Related Content
* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com