Forum Discussion
alkjones_3684
Nimbostratus
Jul 15, 2012'secure' and httponly' attribute for aspsessionid* cookies
ive searched for various terms here and found nothing so apologies if im doubling up a question thats already been answered numerous times.
I need to set secure and httponly attributes on as...
alkjones_3684
Nimbostratus
Jul 15, 2012the solution provided by a rather awesome support engineer:
when HTTP_RESPONSE { set myValues [HTTP::cookie names] foreach mycookies $myValues { if { [HTTP::cookie expires $mycookies] eq "" }{ set mypath [HTTP::cookie path $mycookies] set myvalue [HTTP::cookie $mycookies] HTTP::cookie remove $mycookies HTTP::cookie insert name $mycookies value $myvalue version 1 HTTP::cookie httponly $mycookies enable HTTP::cookie secure $mycookies enable if { $mypath ne "" } { HTTP::cookie path $mycookies $mypath } } else { HTTP::cookie secure $mycookies enable } } }
its late, so you can do the formatting yourself..
NOTE -
Duplicate cookies will definitely give you problems when using this irule.
NON-RFC compliant cookies will probably give you a problem when using this irule..
Cheers
Alastair
Recent Discussions
Related Content
DevCentral Quicklinks
* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com
Discover DevCentral Connects