Help
Technical Forum
Ask questions. Discover Answers.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Technical Forum Quicklinks: No Replies | Active-Not Solved | Recent Solutions

iRule setting Cookie Secure and SameSite

sgnormo
Cirrus
Cirrus

‎20-Sep-2022 07:35

Created an iRule to set a cookie attribute to secure and samesite to Strict.  The site admins are reporting that this works and then will not work.  The virtual server is not using any persistences.  When I try it the cookie attributes are set.  So any ideas on how best to troubleshoot this issue

 

 

when HTTP_RESPONSE {
set cookie_name [HTTP::cookie names]
if { $cookie_name equals "SessionID" } {
HTTP::cookie secure $cookie_name enable
HTTP::cookie attribute $cookie_name insert "SameSite" "Strict"

}
}

Labels:
0 Kudos
2 REPLIES 2

gersbah
Cirrostratus
Cirrostratus

‎20-Sep-2022 07:57

[HTTP::cookie names] returns a list of all cookies in the response, so what I think happens is if the SessionID cookie is the only cookie being set, it works, otherwise it doesn't.

You can iterate through the list of cookies, like shown here in the Examples but for your case it's probably simpler to use this condition instead:

if { [HTTP::cookie exists "SessionID"] } {
HTTP::cookie secure SessionID enable
HTTP::cookie attribute SessionID insert "SameSite" "Strict"
}

 

0 Kudos

sgnormo
Cirrus
Cirrus
In response to gersbah

‎21-Sep-2022 03:11

I appreciate that explaination and snippet of code.  i am still learning here.

I think I found why it might be having issues when traffic orignates from one location, while all the other locations appears to be working fine.

 

Internet User --> F5 (SSLO and WAF)--->F5 (Local site with iRule)-->backend servers - Works only when browser is refreshed.

Internal Users --> F5 (Local site with iRule)-->backend servers - This works 

0 Kudos
Copyright © 2023 Khoros, LLC