Help
Technical Forum
Ask questions. Discover Answers.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Technical Forum Quicklinks: No Replies | Active-Not Solved | Recent Solutions
Custom Alert Banner

Are you an expert?    Interested in presenting at F5 AppWorld 2024?    Submit a proposal by Nov 29th!

Can't identify cookie

Go to solution
stupid48
Altocumulus
Altocumulus

‎27-Jul-2022 09:14

So, I'm running the "ultimate iRule debug" trying to figure out who is setting a cookie.  It's a cookie that we think shouldn't be coming from the pool member.  The reason we say that is when we test with a working connection (ie authenticated), that cookie never gets set.  Specifically, in the debug, we don't see in in the "http_response" but see it in the "http_response_release":

<HTTP_RESPONSE>: ----------- http_response -----------
<HTTP_RESPONSE>: uid: db9aebfa8 - status: 200
<HTTP_RESPONSE>: uid: db9aebfa8 - pool member IP: /Common/Prod.app/Prod_pool 10.xxx.xxx.xxx 4443
<HTTP_RESPONSE>: uid: db9aebfa8 - Date: Wed, 27 Jul 2022 15:44:05 GMT
<HTTP_RESPONSE>: uid: db9aebfa8 - Server:
<HTTP_RESPONSE>: uid: db9aebfa8 - Last-Modified: Sun, 27 Mar 2022 14:31:19 GMT
<HTTP_RESPONSE>: uid: db9aebfa8 - ETag: "4c5-5db340c8e7bc0"
<HTTP_RESPONSE>: uid: db9aebfa8 - Accept-Ranges: bytes
<HTTP_RESPONSE>: uid: db9aebfa8 - Content-Length: 1221
<HTTP_RESPONSE>: uid: db9aebfa8 - X-Frame-Options: SAMEORIGIN
<HTTP_RESPONSE>: uid: db9aebfa8 - X-Content-Type-Options: nosniff
<HTTP_RESPONSE>: uid: db9aebfa8 - Keep-Alive: timeout=15
<HTTP_RESPONSE>: uid: db9aebfa8 - Connection: Keep-Alive
<HTTP_RESPONSE>: uid: db9aebfa8 - Content-Type: text/html
<HTTP_RESPONSE>: uid: db9aebfa8 - Content-Language: en
<HTTP_RESPONSE>: uid: db9aebfa8 - Set-Cookie: cosmos=1795096330.23313.0000; path=/; Httponly; Secure
<HTTP_RESPONSE>: ----------- http_response -----------
<HTTP_RESPONSE>:
<HTTP_RESPONSE_DATA>: ----------- http_response_payload -----------
<HTTP_RESPONSE_DATA>: uid: db9aebfa8 - Response (Body) payload: <!-- dbdrv: none --> <!-- appdet.html --> <html> <HEAD> <TITLE>Home Page Redirect</TITLE> <META http-equiv=REFRESH content="1; URL=https://xx"> </HEAD> <body> <DIV ID="content">
<HTTP_RESPONSE_DATA>: ----------- http_response_payload -----------
<HTTP_RESPONSE_DATA>:
<HTTP_RESPONSE_RELEASE>: ----------- http_response_release -----------
<HTTP_RESPONSE_RELEASE>: uid: db9aebfa8 - status: 200
<HTTP_RESPONSE_RELEASE>: uid: db9aebfa8 - pool member IP: /Common/Prod.app/Prod_pool 10.xxx.xxx.xxx 4443
<HTTP_RESPONSE_RELEASE>: uid: db9aebfa8 - Date: Wed, 27 Jul 2022 15:44:05 GMT
<HTTP_RESPONSE_RELEASE>: uid: db9aebfa8 - Last-Modified: Sun, 27 Mar 2022 14:31:19 GMT
<HTTP_RESPONSE_RELEASE>: uid: db9aebfa8 - ETag: "4c5-5db340c8e7bc0"
<HTTP_RESPONSE_RELEASE>: uid: db9aebfa8 - Accept-Ranges: bytes
<HTTP_RESPONSE_RELEASE>: uid: db9aebfa8 - Content-Length: 1221
<HTTP_RESPONSE_RELEASE>: uid: db9aebfa8 - X-Frame-Options: SAMEORIGIN
<HTTP_RESPONSE_RELEASE>: uid: db9aebfa8 - X-Content-Type-Options: nosniff
<HTTP_RESPONSE_RELEASE>: uid: db9aebfa8 - Keep-Alive: timeout=15
<HTTP_RESPONSE_RELEASE>: uid: db9aebfa8 - Connection: Keep-Alive
<HTTP_RESPONSE_RELEASE>: uid: db9aebfa8 - Content-Type: text/html
<HTTP_RESPONSE_RELEASE>: uid: db9aebfa8 - Content-Language: en
<HTTP_RESPONSE_RELEASE>: uid: db9aebfa8 - Set-Cookie: TS011b84d2=016cf3c73c8f3d3632c2783e0a6b27af43cf9a592e6129af3e0094acb85d88f58b02e11b8e2eb6d5ab7441d929cb436e1013ea5426b3043afc175bdc1f95d285a3e1faa534; Path=/
<HTTP_RESPONSE_RELEASE>: uid: db9aebfa8 - Set-Cookie: TS011b84d2=016cf3c73c8f3d3632c2783e0a6b27af43cf9a592e6129af3e0094acb85d88f58b02e11b8e2eb6d5ab7441d929cb436e1013ea5426b3043afc175bdc1f95d285a3e1faa534; Path=/
<HTTP_RESPONSE_RELEASE>: ----------- http_response_release -----------

The cookie I am referring to is: TS011b84d2

My question is, why does the cookie show up only in the http_response_release?  Wouldn't it show up in the http_response as well if it was being set by the pool member?  To me it almost seems like the LTM is setting the cookie.

Labels:
0 Kudos
1 ACCEPTED SOLUTION

Go to solution
JRahm
Community Manager
Community Manager

‎27-Jul-2022 14:02

TS cookies come from ASM/AdvWAF. That uses the plugin architecture, which grabs responses early on the server side, bypasses much of the normal hud chain on the proxy path, and releases them late on the client side, which is why they are masked until HTTP_RESPONSE_RELEASE. Here are details on the ASM cookies: https://support.f5.com/csp/article/K54501322

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
https://twitter.com/jasonrahm
https://www.youtube.com/devcentral

View solution in original post

3 REPLIES 3

Go to solution
JRahm
Community Manager
Community Manager

‎27-Jul-2022 14:02

TS cookies come from ASM/AdvWAF. That uses the plugin architecture, which grabs responses early on the server side, bypasses much of the normal hud chain on the proxy path, and releases them late on the client side, which is why they are masked until HTTP_RESPONSE_RELEASE. Here are details on the ASM cookies: https://support.f5.com/csp/article/K54501322

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
https://twitter.com/jasonrahm
https://www.youtube.com/devcentral

Go to solution
stupid48
Altocumulus
Altocumulus
In response to JRahm

‎27-Jul-2022 14:04

Oh my.  Thanks so much.

Go to solution
JRahm
Community Manager
Community Manager
In response to stupid48

‎27-Jul-2022 14:16

you bet!

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
https://twitter.com/jasonrahm
https://www.youtube.com/devcentral
Copyright © 2023 Khoros, LLC