Increased Security With First Party Cookies

HTTP cookies are an essential part of many web based applications, useful for tracking session and state information.  But they can also be exploited to leak information to third party sites using a ...
Published Mar 30, 2018
Version 1.0
cookie
iRules
LTM
samesite
security
Chris_Olson's avatar
Chris_Olson
Icon for Nimbostratus rankNimbostratus
Jan 14, 2020

This is failing for me too. However, in my case, we have a collaboration portal and must ALLOW third party cookies. This is tied to Googles browser change. I've tried modifying the above irule and changed the set cookie line to:

set set_cookie [concat $set_cookie "; SameSite=None"]

However, this resulted in duplicate cookies and the collaboration portal connection failed. Changing the policy rule to:

value "tcl:[HTTP::header Set-Cookie]; SameSite=None"

also failed to work.

There has to be an easy way to modify the cookie value to Samesite=None to allow our Chrome users to continue to use the portal. I am a network admin and not a developer so any assistance is appreciated.