Forum Discussion

Nimbostratus

Aug 05, 2019

'SameSite=strict' attribute to cookies

Trying to find the correct irule script to set 'SameSite=strict' attribute to cookies. I have not found anything that will do this yet in an iurle anyone have any ideas?

2 Replies

Aaron_Hooley
Ret. Employee
Feb 16, 2020
Here's an iRule that will set SameSite on cookies that the web app or BIG-IP modules set via the Set-Cookie header:

https://devcentral.f5.com/s/articles/iRule-to-set-SameSite-for-compatible-clients-and-remove-it-for-incompatible-clients-LTM-ASM-APM

Aaron
Simon_Blakely
Employee
Aug 05, 2019
You can use the
HTTP::cookie attribute <cookie name> insert <attribute> <value>

e.g.
HTTP::cookie attribute mycookie insert " Samesite" strict

Note the leading space before the attribute name - this is due to
Bug ID 801705: When inserting a cookie or a cookie attribute, BIG-IP does not add a leading space, required by RFC