Forum Discussion

Steve_245's avatar
Steve_245
Icon for Nimbostratus rankNimbostratus
Jan 21, 2016

Remove Cookie from Request Based on Cookie Domain

I have a web application that will fail if it sees any cookies other than what it knows should be present. I need to scrape/remove all cookies other than that which is required. The required cookie has a semi-dynamic name that could be partially shared with cookies that we do not want. Thus I'm focusing on the cookie domain which I know will be unique. Below is my attempt to complete this. The reason I am not working on the http response is that the other cookies on the client may be required for other applications so I just have to allow only the cookie of interest on the incoming (Request) traffic. The problem I am currently having is that the cookie domain appears to be empty for every incoming cookie. The logging is working properly, but the rule is removing every cookie because the 'cookiedomain' variable is empty. If I change the step 2 logging to "[HTTP::cookie domain $cookie]" it still is blank when outputting the cookie domain. Any help identifying why I am not properly capturing the cookie domain would be much appreciated.

when HTTP_REQUEST {
 set cookies [HTTP::cookie names]
 foreach cookie $cookies {
  log local0. "step 1 - cookie name is $cookie"
  set cookiedomain [HTTP::cookie domain $cookie]
  log local0. "step 2 - cookie domain is $cookiedomain"
  if { $cookiedomain ne "test.mysite.org" }{
  log local0. "step 3 - Removing cookie $cookie"
  HTTP::cookie remove $cookie
  }
 }
}
  • Hi Steve,

    the cookie domain, cookie path, cookie timestamps, secure etc. values are just send in a HTTP responses.

    Those values will instruct the browser to which application the cookie would be accessible, to which site/path the cookie could be send and how long it will be cached, etc.

    In a HTTP requests each cookie will basically look similiar - it would just have a name and a value.

    To fix your application, you have to identify every valid cookie name. Dump those names and values in a variable, then remove the entire cookie header and restore just the good cookie names and values...

    when RULE_INIT {
        set static::good_cookies "cookie_name1 cookie_name2 cookie_name3"
    }
    when HTTP_REQUEST {
        foreach cookie_name $static::good_cookies {
            append cookie_to_replay "$cookie_name=[HTTP::cookie value $cookie_name]; "
        }
        HTTP::header remove "Cookie"
        HTTP::header insert "Cookie" [string trim $cookie_to_replay "; "]
        unset -nocomplain cookie_to_replay
    }
    

    Cheers, Kai