iRule to set SameSite for compatible clients and remove it for incompatible clients (LTM|ASM|APM)
A bunch of us have been refining approaches to help customers handle the new browser enforcement of the HTTP cookie SameSite attribute. I think we have a pretty solid approach now to handle compatib...
In our situation we are only interested in fixing the BigIP cookie for sticky load balancing. If that's the case wouldn't it make more sense delay the call to checkSameSiteCompatible until we are processing the response. In that way we can avoid doing all the regex compares, if there are no cookies present in the response that we want to change. It seems wasteful for me to be processing all those regexes for each request when there are not relevant cookies.
If that's the case, even with all these options to set all cookies etc, I think there should be a way to store off the user agent value in a variable when processing the request, then use it in the response while maintaining a flag that will tell you if you already checked. For instance we can initialize same_site_compatible to -1 which tells us it has not yet been checked. This way we can arrange the logic during the response processing to only check the user agent once for the first occurence of a cookie we want to process.
I'm not proficient in writing IRules so maybe I'm missing something important here, so I would appreciate feedback letting me know if my idea has flaws besides the obvious one of adding some more complexity to the logic.