cancel
Showing results for 
Search instead for 
Did you mean: 

iRule setting Cookie Secure and SameSite

sgnormo
Altocumulus
Altocumulus

Created an iRule to set a cookie attribute to secure and samesite to Strict.  The site admins are reporting that this works and then will not work.  The virtual server is not using any persistences.  When I try it the cookie attributes are set.  So any ideas on how best to troubleshoot this issue

 

 

when HTTP_RESPONSE {
set cookie_name [HTTP::cookie names]
if { $cookie_name equals "SessionID" } {
HTTP::cookie secure $cookie_name enable
HTTP::cookie attribute $cookie_name insert "SameSite" "Strict"

}
}

2 REPLIES 2

gersbah
Cirrostratus
Cirrostratus

[HTTP::cookie names] returns a list of all cookies in the response, so what I think happens is if the SessionID cookie is the only cookie being set, it works, otherwise it doesn't.

You can iterate through the list of cookies, like shown here in the Examples but for your case it's probably simpler to use this condition instead:

if { [HTTP::cookie exists "SessionID"] } {
HTTP::cookie secure SessionID enable
HTTP::cookie attribute SessionID insert "SameSite" "Strict"
}

 

I appreciate that explaination and snippet of code.  i am still learning here.

I think I found why it might be having issues when traffic orignates from one location, while all the other locations appears to be working fine.

 

Internet User --> F5 (SSLO and WAF)--->F5 (Local site with iRule)-->backend servers - Works only when browser is refreshed.

Internal Users --> F5 (Local site with iRule)-->backend servers - This works