For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Chad_Roberts_21's avatar
Chad_Roberts_21
Icon for Nimbostratus rankNimbostratus
Jun 18, 2008

Removing Duplicate Set-Cookie Definitions

Once again I come here with my hands open, hoping for someone to turn on the light over my head.     We've run into a scenario where our web servers sometimes send duplicate Set-Cookie defi...
application delivery
dev
devops
iRules
hoolio's avatar
hoolio
Icon for Cirrostratus rankCirrostratus
Jun 18, 2008

Hrm... the best option I can come up with is to get the last (or do you want the first?) Set-Cookie header value which starts with SESSIONID, save the value of the header, remove all SESSIONID cookies and then re-insert the Set-Cookie header with the SESSIONID you want to save.

Anyone else have ideas?

Aaron

 

  
 when HTTP_RESPONSE {   
  
     Insert some teest response headers 
    HTTP::header insert Set-Cookie {SESSIONID=AAAAAAAA; domain=.domain.com; path=/path/1} 
    HTTP::header insert Set-Cookie {keeper=don't delete; domain=.domain.com; path=/path/2} 
    HTTP::header insert Set-Cookie {SESSIONID=BBBBBBBB; domain=.domain.com; path=/path/3} 
    HTTP::header insert Set-Cookie {SESSIONID=CCCCCCCC; domain=.domain.com; path=/path/4} 
  
    log local0. "Set-Cookie header values: [HTTP::header values Set-Cookie]" 
    log local0. "First Set-Cookie header which starts with SESSIONID: [lsearch -glob -inline [HTTP::header values Set-Cookie] "SESSIONID*"]" 
    log local0. "Last  Set-Cookie header which starts with SESSIONID: [lsearch -glob -inline -start end [HTTP::header values Set-Cookie] "SESSIONID*"]" 
  
    set set_cookie_header [lsearch -glob -inline -start end [HTTP::header values Set-Cookie] "SESSIONID*"] 
    log local0. "\$set_cookie_header: $set_cookie_header" 
     
     Remove all SESSIONID cookies 
    while {[HTTP::cookie exists SESSIONID]}{ 
       HTTP::cookie remove SESSIONID 
    } 
    log local0. "Set-Cookie values: [HTTP::header values Set-Cookie]" 
  
     Re-insert the last SESSIONID Set-Cookie header 
    HTTP::header insert Set-Cookie $set_cookie_header 
     
    log local0. "SESSIONID cookie: [HTTP::cookie SESSIONID]"    
 }

 

Log output:

: Set-Cookie header values: {SESSIONID=AAAAAAAA; domain=.domain.com; path=/path/0} {keeper=don't delete; domain=.domain.com; path=/path/1} {SESSIONID=BBBBBBBB; domain=.domain.com; path=/path/2} {SESSIONID=CCCCCCCC; domain=.domain.com; path=/path/3}

: First Set-Cookie header which starts with SESSIONID: SESSIONID=AAAAAAAA; domain=.domain.com; path=/path/0

: Last Set-Cookie header which starts with SESSIONID: SESSIONID=CCCCCCCC; domain=.domain.com; path=/path/3

: $set_cookie_header: SESSIONID=CCCCCCCC; domain=.domain.com; path=/path/3

: Set-Cookie values: {keeper=don't delete; domain=.domain.com; path=/path/1}

: SESSIONID cookie: CCCCCCCC