Forum Discussion
Chris_Miller
Altostratus
AltostratusRewrite Existing Client Cookie
Let's say a client has a cookie called "sample" with a value of "1" Can an F5 replace the value of the cookie on the client machine? I know it can insert a new cookie with the same name and different value but am unsure of how to replace it.
naladar_65658I think something like this would allow you to change the cookie value. Sorry, I don't have a good way to test this out at the moment.when HTTP_REQUEST { Check if the cookie exists in request if { [HTTP::cookie exists "cookie-name"] } { Change cookie's value HTTP::cookie [value] [string] } }- Chris_MillerPosted By naladar on 08/09/2010 11:42 AM I think something like this would allow you to change the cookie value. Sorry, I don't have a good way to test this out at the moment.
Since this is in the HTTP_REQUEST event, this would just be replacing it from the F5 to the pool member, right?when HTTP_REQUEST { Check if the cookie exists in request if { [HTTP::cookie exists "cookie-name"] } { Change cookie's value HTTP::cookie [value] [string] } } - naladar_65658That is correct. To modify the cookie coming from the server going to the client you would have to use when HTTP_RESPONSE. Here is a good URL for a Wiki article talking about encrypting cookies, in which they describe how to change the values of the cookies.
- Chris_MillerPosted By naladar on 08/09/2010 12:19 PM
That is correct. To modify the cookie coming from the server going to the client you would have to use when HTTP_RESPONSE. Here is a good URL for a Wiki article talking about encrypting cookies, in which they describe how to change the values of the cookies.
I think you may have forgotten the link. :-P 
hoolioCirrostratus
From RFC2109:
4.3.3 Cookie Management
If a user agent receives a Set-Cookie response header whose NAME is
the same as a pre-existing cookie, and whose Domain and Path
attribute values exactly (string) match those of a pre-existing
cookie, the new cookie supersedes the old. However, if the Set-
Cookie has a value for Max-Age of zero, the (old and new) cookie is
discarded. Otherwise cookies accumulate until they expire (resources
permitting), at which time they are discarded.
So you can overwrite an existing cookie value by setting a new cookie with the same name, domain and path as the prior cookie. You can do this in HTTP_RESPONSE using HTTP::cookie insert name < name > value < value >.
Aaron- Chris_MillerPosted By hoolio on 08/09/2010 02:49 PM From RFC2109:
4.3.3 Cookie Management
If a user agent receives a Set-Cookie response header whose NAME is
the same as a pre-existing cookie, and whose Domain and Path
attribute values exactly (string) match those of a pre-existing
cookie, the new cookie supersedes the old. However, if the Set-
Cookie has a value for Max-Age of zero, the (old and new) cookie is
discarded. Otherwise cookies accumulate until they expire (resources
permitting), at which time they are discarded.
So you can overwrite an existing cookie value by setting a new cookie with the same name, domain and path as the prior cookie. You can do this in HTTP_RESPONSE using HTTP::cookie insert name < name > value < value >.
Aaron Thanks as always! I'm currently doing just this but have noticed my browser showing multiple cookies and as I use the "expire at browser close" default, I wasn't entirely sure how the F5 would handle a user with 2 "example" cookies. So, if I have an iRule like the following:
and the user has 2 "example" cookies, with the most recently inserted being "2", it would send the user to pool 2?when HTTP_REQUEST { if { [HTTP::cookie "example"] eq 1 } { pool 1 } elseif { [HTTP::cookie "example"] eq 2 } { pool 2 } } - hoolioBased on a little experience with this and reading the RFC, if you're setting the cookie correctly from LTM, it should overwrite the pre-existing cookie with the new value. If that's what you want to happen and it's not, I'd try investigating that issue further rather than try to determine which cookie in the request is the "correct" one.
With HTTP::cookie, it doesn't seem like there is a simple way to handle two different cookies with the same value. With headers you can use 'HTTP::header values $header_name' to get the values for multiple instances of the same header. It's also worth noting that you can't differentiate between two cookies set with a different path or domain on requests as the client only includes the cookie name and value--not any of the properties that the cookies were set with.
Aaron 
Rami_307440Nimbostratus
Hi Aaron, HTTP::cookie insert name < name > value < value >
That will insert a new cookie name and it will not over write the existing one.
~Rami
