Forum Discussion
Remove all Cookies incase based on specific condition
We've a requimrent to flush all cookies from the user session incase a user deleted one cookie from client browser.
why such request, our web servers have some security restrictions to have both cookies in reqeust for session to be valid "JSESSIONID & LtpaToken2".
incase a user deleted "LtpaToken2", then the "JSESSIONID" must be deleted else user will get the web server error code.
Please need your support to suggest the way to flush all cookies incase LtpaToken2 is removed and if we can add more condiations such as : refere contains /wps/portal/.
we've tried below but didn't work:
when HTTP_REQUEST {
if { ( [HTTP::uri] starts_with "/wps/myportal/" ) and ( [HTTP::cookie exists "JSESSIONID"] ) and ( not [HTTP::cookie exists "LtpaToken2"] ) } {
log local0. "Remove cookie JSESSIONID From Request as LtpaToken2 is not present"
HTTP::cookie remove "JSESSIONID"
HTTP::redirect https://www.mysite.com/landing.html
}
}
can you try this :
if { ( [HTTP::uri] starts_with "/wps/myportal/" ) and ( [HTTP::cookie exists "JSESSIONID"] ) and not ( [HTTP::cookie exists "LtpaToken2"] ) }- Abdulaziz1Nimbostratus
I've tried the suggested change, but still same issue cookie presists
Wrong approach. You need to instruct the web browser to invalidate the cookie. Take a look ar the following thread:
https://community.f5.com/t5/technical-forum/irule-delete-cookie-value-on-a-302-redirect/td-p/82205
In your iRule example, you are only stripping the cookie from being passed between the client and the F5. The cookie would still reside on the client machine.
- Abdulaziz1Nimbostratus
could you plz post a sample irule as a guidance, as this kind of irules is new to us
Recent Discussions
Related Content
* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com