For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Marcel_Derksen_'s avatar
Marcel_Derksen_
Icon for Nimbostratus rankNimbostratus
Mar 01, 2006

Single domain and multiple cookies

A customer is having difficulties with the large amount of   cookies that are presented back to the client. The number of returned cookies for a single site may exceed the RFC standard for this and...
application delivery
dev
devops
iRules
unRuleY_95363's avatar
unRuleY_95363
Historic F5 Account
Mar 02, 2006
Actually, I will add in that yes, this is totally feasible. Here is the approach that you could take.

 

 

If the client doesn't have your KEY cookie, then on the initial response generate a unique key (you could use AES::key for this). Then take all the cookies and put them in the session table under the key you generated. Then remove all the cookies and add the KEY cookie.

 

 

Then on subsequent requests, look up the session table using the value of the KEY cookie and add all the cookies stored there. The real tricky part would be that you will have to make sure the cookies are updated on subsequent responses (for example, the server adds another new cookie). I would maybe suggest using a Tcl array to store the cookies before putting them into the session table (the session table stores a Tcl object, so it can actually store the array too). This would make it easier to update the cookies as further requests happen.

 

 

This would be an awesome rule and we look forward to seeing it!!!