Forum Discussion

sgnormo's avatar
sgnormo
Icon for Cirrus rankCirrus
Sep 20, 2022

iRule setting Cookie Secure and SameSite

Created an iRule to set a cookie attribute to secure and samesite to Strict.  The site admins are reporting that this works and then will not work.  The virtual server is not using any persistences.  When I try it the cookie attributes are set.  So any ideas on how best to troubleshoot this issue

 

 

when HTTP_RESPONSE {
set cookie_name [HTTP::cookie names]
if { $cookie_name equals "SessionID" } {
HTTP::cookie secure $cookie_name enable
HTTP::cookie attribute $cookie_name insert "SameSite" "Strict"

}
}

2 Replies

  • [HTTP::cookie names] returns a list of all cookies in the response, so what I think happens is if the SessionID cookie is the only cookie being set, it works, otherwise it doesn't.

    You can iterate through the list of cookies, like shown here in the Examples but for your case it's probably simpler to use this condition instead:

    if { [HTTP::cookie exists "SessionID"] } {
    HTTP::cookie secure SessionID enable
    HTTP::cookie attribute SessionID insert "SameSite" "Strict"
    }

     

    • sgnormo's avatar
      sgnormo
      Icon for Cirrus rankCirrus

      I appreciate that explaination and snippet of code.  i am still learning here.

      I think I found why it might be having issues when traffic orignates from one location, while all the other locations appears to be working fine.

       

      Internet User --> F5 (SSLO and WAF)--->F5 (Local site with iRule)-->backend servers - Works only when browser is refreshed.

      Internal Users --> F5 (Local site with iRule)-->backend servers - This works