Forum Discussion
Mohamed_Sayed_3
Nimbostratus
NimbostratusSetting SameSite flag on ASM cookie using ASM system variables
Hello,
I've a question, can we add samesite flag to ASM cookie with the same way we do for httponly and secure flags through creating system variables using the below KB: https://support.f5.com/csp/article/K13787
For Example: * Parameter Name: cookie_samesite_attr * Parameter Value: strict (or lax depending on the application need)
Thanks in advance.
rob_carrCirrostratus
System variable aren't getting created when /usr/share/ts/bin/add_del_internal add [cookie_secure_attr | cookie_httponly_attr] is run. Setting the value to 1 enables setting the flag, setting the value to 0 disables setting the flag.
I think this issue is worth a call to support, to see if there is an RFE.
samstepCirrocumulus
You can modify ASM cookies and add SameSite attribute (or do any other header manipulation) using an iRule and HTP_RESPONSE_RELEASE event, see:
K14211: Using an iRule to parse post-ASM requests and responses
https://support.f5.com/csp/article/K14211
Here's an iRule that will set SameSite on cookies that the web app, ASM or other BIG-IP modules set via the Set-Cookie header:
https://devcentral.f5.com/s/articles/iRule-to-set-SameSite-for-compatible-clients-and-remove-it-for-incompatible-clients-LTM-ASM-APM
Aaron
