How to add Httponly and Secure attributes to HTTP cookies (for 11.5.x)

Problem this snippet solves: Problem this snippet solves: The script adds Httponly and Secure attributes to cookies issued by the server. In v12.x software there is a better way to achieve the s...
Published Dec 08, 2016
Version 1.0
application delivery
cookie
devops
httponly
iRules
LTM
security
Eswar_HCL_30327's avatar
Eswar_HCL_30327
Icon for Nimbostratus rankNimbostratus
Dec 19, 2016

when HTTP_RESPONSE { set setckval [HTTP::header values "Set-Cookie"] HTTP::header remove "Set-Cookie" foreach cookie1 $setckval { set cookie1 [string trimright [string trimright $cookie1] ";"] set list1 [lrange [split $cookie1 ";"] 1 end] set hasHttpOnly false if { $httpsVs } { set hasSecure false} else { set hasSecure true } foreach item1 $list1 { set titem1 [string tolower [string trim $item1]] if { ($titem1 eq "httponly") or ($titem1 starts_with "httponly=") } { set hasHttpOnly true } if { ($titem1 eq "secure") or ($titem1 starts_with "secure=")} { set hasSecure true } } if { not $hasHttpOnly } { set cookie1 "${cookie1}; Httponly" } if { not $hasSecure } { set cookie1 "${cookie1}; Secure" } HTTP::header insert "Set-Cookie" $cookie1 } }