Forum Discussion
Terje_Gravvold
Mar 29, 2012Nimbostratus
HTTP::cookie - How can I handle cookies with duplicate names but diffrent domain value?
I'm trying to set HttpOnly value for a given cookie name/domain combination (BigIP v9.4). The backend servers (OpenSSO) creates a authentication cookie that does not have this value set.
My problem is that OpenSSO sends out one cookie for each configured domain with the same cookie name but diffrent domain value. I've created an iRule to set the HttpOnly value for a given cookie name, but it does not work with duplicate cookie names. With duplicate cookie names the command seem to give back only the first match.
It seems like the HTTP::cookie value command is missing a domain parameter... Any logic leeding to setting the HttpOnly value for all cookies with name iPlanetDirectoryPro or a specific iPlanetDirectoryPro cookie would be acceptable.
iRule:
when HTTP_RESPONSE {
set OPENSSO_COOKIE [HTTP::cookie value iPlanetDirectoryPro]
if { $OPENSSO_COOKIE ne "" } {
log local0. "Detected OpenSSO iPlanetDirectoryPro cookie with value $OPENSSO_
COOKIE"
log local0. "Secure parameter for OpenSSO iPlanetDirectoryPro cookie is [HTTP
::cookie secure iPlanetDirectoryPro]"
HTTP::cookie value iPlanetDirectoryPro "$OPENSSO_COOKIE; HttpOnly"
log local0. "Setting new value for OpenSSO iPlanetDirectoryPro cookie, new va
lue is [HTTP::cookie value iPlanetDirectoryPro]"
}
}
I'm thankfull for any help regarding this issue.
Best regards
Terje Gravvold
- hooleylistCirrostratusHi Terje,
- hooleylistCirrostratusHi Terje,
- Sashi_81625Nimbostratusif you dont mind setting HttpOnly flag to all cookies then u can use this
- hooleylistCirrostratusNice idea Sashi. You would want to handle the possibility multiple Set-Cookie response headers with something like:
when HTTP_RESPONSE { set set_cookies [string map [list path "HttpOnly; path"] [HTTP::header values Set-Cookie]] HTTP::header remove Set-Cookies HTTP::header insert Set-Cookies $set_cookies }
- hooleylistCirrostratusActually, HTTP::header values returns the headers in a list. So you might need to join them with a semi-colon... here's another untested stab 🙂
when HTTP_RESPONSE { set set_cookies [string map [list path "HttpOnly; path"] [HTTP::header values Set-Cookie]] HTTP::header remove Set-Cookies HTTP::header insert Set-Cookies [join $set_cookies ";"] }
- Terje_GravvoldNimbostratusNice, thanks! My solution is a bit more complex :). I will test your logic later.
when HTTP_RESPONSE { set CookieCounter 0 foreach SetCookieHeader [HTTP::header values Set-Cookie] { incr CookieCounter log local0. "Saving Set-Cookie header value in array, index number = $CookieCounter, Value = $SetCookieHeader" set CookieArray("$CookieCounter") "$SetCookieHeader" } HTTP::header remove "Set-Cookie" log local0. "Removing Set-Cookie HTTP headers" foreach {Index Cookie} [array get CookieArray] { if { $Cookie contains "iPlanetDirectoryPro" } { HTTP::header insert "$Cookie; HttpOnly" log local0. "Inserting cookie - $Cookie; HttpOnly" } else { HTTP::header insert "$Cookie" log local0. "Inserting cookie - $Cookie" } } }
Recent Discussions
Related Content
Â
DevCentral Quicklinks
* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com
Discover DevCentral Connects