For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

How to add Httponly and Secure attributes to HTTP cookies (for 11.5.x)

Problem this snippet solves: Problem this snippet solves: The script adds Httponly and Secure attributes to cookies issued by the server. In v12.x software there is a better way to achieve the s...
Published Dec 08, 2016
Version 1.0
application delivery
cookie
devops
httponly
iRules
LTM
security
VadimT's avatar
VadimT
Icon for Nimbostratus rankNimbostratus
Dec 16, 2016

Hi Eswar, It is possible that your browser still uses old cookies, so the server does not need to send updated ones. I would start with removing all cookies for the VS/FQDN in question from your browser cache. Then I would access the VS via browser and after that I would check the list of (updated) cookies to see whether the "httponly" (and "secure" for HTTPS) attributes are there. Fiddler can be used for this second step, but you still would need to start with clearing the cookies. Please let me know how it went. I have not tested the iRule with 11.6.x software, but it should work.