Forum Discussion

EduardoSousa's avatar
EduardoSousa
Icon for Altocumulus rankAltocumulus
Nov 03, 2022
Solved

Order of cookies

Hello there

We have a problem where, at some times the order of cookies in the package are reversed, I wonder if there is an irule to reverse cookies, making the application cookie available before the F5 cookie? It's possible?

application delivery
security
  • Daniel_Wolf's avatar
    Daniel_Wolf
    Nov 13, 2022

    Hi EduardoSousa,

    you somehow did not mention in which direction you want to reverse the cookie order. From BIG-IP to browser, or from BIG-IP to backend server. Hence I presumed you want to reverse the order from BIG-IP to backend server.

    Here is my iRule:

     

    when HTTP_REQUEST_RELEASE {
    # Remove Cookie by name
     HTTP::cookie remove "BIGCookie"
     # Reverse order of Cookies
     if { [HTTP::header exists Cookie] } {
        set cookie_rev {}
        set values [split " [HTTP::header Cookie]" ";"]
        set i [llength $values]
        while {$i} {lappend cookie_rev [lindex $values [incr i -1]]}
        set cookie_fini [join $cookie_rev ";"]
        HTTP::header replace Cookie "$cookie_fini"
        unset cookie_fini
        unset cookie_rev
    }
}

     

    Browser to BIG-IP:

    BIG-IP to backend server
    BIGCookie is removed, order is reversed.

    Does this solve your issue?

    Note: The order of cookies usually should not be an issue. In my opinion reversing the order is not required. Maybe you can explain us, why you have this requirement?

    KR
    Daniel

     

     

4 Replies

Sort By
  • Daniel_Wolf's avatar
    Daniel_Wolf
    Icon for MVP rankMVP
    Nov 13, 2022

    Hi EduardoSousa,

    you somehow did not mention in which direction you want to reverse the cookie order. From BIG-IP to browser, or from BIG-IP to backend server. Hence I presumed you want to reverse the order from BIG-IP to backend server.

    Here is my iRule:

     

    when HTTP_REQUEST_RELEASE {
    # Remove Cookie by name
     HTTP::cookie remove "BIGCookie"
     # Reverse order of Cookies
     if { [HTTP::header exists Cookie] } {
        set cookie_rev {}
        set values [split " [HTTP::header Cookie]" ";"]
        set i [llength $values]
        while {$i} {lappend cookie_rev [lindex $values [incr i -1]]}
        set cookie_fini [join $cookie_rev ";"]
        HTTP::header replace Cookie "$cookie_fini"
        unset cookie_fini
        unset cookie_rev
    }
}

     

    Browser to BIG-IP:

    BIG-IP to backend server
    BIGCookie is removed, order is reversed.

    Does this solve your issue?

    Note: The order of cookies usually should not be an issue. In my opinion reversing the order is not required. Maybe you can explain us, why you have this requirement?

    KR
    Daniel

     

     

    • Daniel_Wolf's avatar
      Daniel_Wolf
      Icon for MVP rankMVP
      Nov 13, 2022
      Daniel_Wolf wrote:

      Note: The order of cookies usually should not be an issue. In my opinion reversing the order is not required. Maybe you can explain us, why you have this requirement?

      For the sake of completeness - how did I come up with this opinion:

      • HTTP State Management Mechanism
        Although cookies are serialized linearly in the Cookie header, servers SHOULD NOT rely upon the serialization order. In particular, if the Cookie header contains two cookies with the same name (e.g., that were set with different Path or Domain attributes), servers SHOULD NOT rely upon the order in which these cookies appear in the header.
      • portswigger.net - Duplicate cookies set