Setting HTTP COOkie

I assume you trying to use a cookie to bypass authentication. In this manner, cookie should be set in HTTP_RESPONSE, so client will get it, otherwise HTTP server just would throw it away.

Here is a sample rule you can take a look. It is in database. Certainly, you can have it done in your own style.

 
 when CLIENT_ACCEPTED {  
     set authinsck 0  
     set forceauth 1  
     set ckname BIGXAUTH  
     set ckpass 1xxx5678  
     set ckvalue [IP::client_addr]  
     set ckdomain .y.z  
     set asid [AUTH::start pam default_radius]  
 }  
 when HTTP_REQUEST {  
     if {[HTTP::cookie exists $ckname]} {  
         HTTP::cookie decrypt $ckname $ckpass 128  
         if {[HTTP::cookie value $ckname] eq $ckvalue} {  
             set forceauth 0  
         }  
         HTTP::cookie remove $ckname  
     }  
     if {$forceauth eq 1} {  
         AUTH::username_credential $asid [HTTP::username]  
         AUTH::password_credential $asid [HTTP::password]  
         AUTH::authenticate $asid  
         HTTP::collect  
     }  
 }  
 when HTTP_RESPONSE {  
     if {$authinsck eq 1} {  
         HTTP::cookie insert name $ckname value $ckvalue path / domain $ckdomain  
         HTTP::cookie secure $ckname enable  
         HTTP::cookie encrypt $ckname $ckpass 128  
     }  
 }  
 when AUTH_SUCCESS {  
     if {$asid eq [AUTH::last_event_session_id]} {  
         set authinsck 1  
         HTTP::release  
     }  
 }  
 when AUTH_FAILURE {  
     if {$asid eq [AUTH::last_event_session_id]} {  
         HTTP::respond 401 "WWW-Authenticate" "Basic realm=\"\""  
     }  
 }  
 when AUTH_WANTCREDENTIAL {  
     if {$asid eq [AUTH::last_event_session_id]} {  
         HTTP::respond 401 "WWW-Authenticate" "Basic realm=\"\""  
     }  
 }  
 when AUTH_ERROR {  
     if {$asid eq [AUTH::last_event_session_id]} {  
         HTTP::respond 401  
     }  
 }