Forum Discussion

Marcel_Derksen_'s avatar
Marcel_Derksen_
Icon for Nimbostratus rankNimbostratus
Mar 01, 2006

Single domain and multiple cookies

A customer is having difficulties with the large amount of

 

cookies that are presented back to the client. The number of returned cookies for a single site may exceed the RFC standard for this and they are looking for a solution where the client is only presented with a single cookie that cloaks all server cookies.

 

 

The questions I have is:

 

- Is there a way with irules to take care of this problem?

 

So can we in any way present less cookies to the client and still use the cookies to the server (and therewith the persistency)?

3 Replies

  • Colin_Walker_12's avatar
    Colin_Walker_12
    Historic F5 Account
    Well, my first question would be...why so many cookies?

     

     

    If we take a look at what information is being stored in the cookies, how it's being used, and why it's necessary...we might be able to come up with a way to condense the usage a bit.

     

     

    -Colin
  • unRuleY_95363's avatar
    unRuleY_95363
    Historic F5 Account
    Actually, I will add in that yes, this is totally feasible. Here is the approach that you could take.

     

     

    If the client doesn't have your KEY cookie, then on the initial response generate a unique key (you could use AES::key for this). Then take all the cookies and put them in the session table under the key you generated. Then remove all the cookies and add the KEY cookie.

     

     

    Then on subsequent requests, look up the session table using the value of the KEY cookie and add all the cookies stored there. The real tricky part would be that you will have to make sure the cookies are updated on subsequent responses (for example, the server adds another new cookie). I would maybe suggest using a Tcl array to store the cookies before putting them into the session table (the session table stores a Tcl object, so it can actually store the array too). This would make it easier to update the cookies as further requests happen.

     

     

    This would be an awesome rule and we look forward to seeing it!!!
  • The reason why they want this construction is that multiple application are seated behind one url. Every application has its own cookie and need to be persistance on that cookie. The application number will exceed the 20 and therefore more than 20 cookies can be stored in one session. Since the RFC only states that a client need to be able to store 20 cookies we are looking for a way to present one cookie to the client and preserve the cookies from the server.