Forum Discussion

Chad_Roberts_21's avatar
Chad_Roberts_21
Icon for Nimbostratus rankNimbostratus
Jun 18, 2008

Removing Duplicate Set-Cookie Definitions

Once again I come here with my hands open, hoping for someone to turn on the light over my head.

 

 

We've run into a scenario where our web servers sometimes send duplicate Set-Cookie definitions in the same transmission, and we would like to prevent this with the BIG-IPs. Using the Live HTTP Headers plugin in Firefox, we see it look something like this:

 

 

Set-Cookie: SESSIONID=AAAAABBBBBCCCCC; domain=.domain.com; path=/path/

 

Set-Cookie: SESSIONID=AAAAABBBBBCCCCC; domain=.domain.com; path=/path/

 

Set-Cookie: SESSIONID=AAAAABBBBBCCCCC; domain=.domain.com; path=/path/

 

 

 

In my example all values are the same, which is often the case, but sometimes they are not. We want to keep the last cookie definition and discard any previous one. What I want to prevent is having to use a variable to fetch the value and every possible attribute (domain, path, secure, httponly, etc), delete all of the cookie definitions, and redefine it again, as that seems like an awful lot of unnecessary processing. I'm looking for a way specifically to just delete the duplicates and leave the final one intact.

 

 

To make things interesting, I've noticed that HTTP::cookie definitions seem to work from the bottom up instead of from the top down, so a reference that will only match on one of them will match on the last one, complicating things a bit.

 

 

Do you have any suggestions?
  • Hrm... the best option I can come up with is to get the last (or do you want the first?) Set-Cookie header value which starts with SESSIONID, save the value of the header, remove all SESSIONID cookies and then re-insert the Set-Cookie header with the SESSIONID you want to save.

    Anyone else have ideas?

    Aaron

     

      
     when HTTP_RESPONSE {   
      
         Insert some teest response headers 
        HTTP::header insert Set-Cookie {SESSIONID=AAAAAAAA; domain=.domain.com; path=/path/1} 
        HTTP::header insert Set-Cookie {keeper=don't delete; domain=.domain.com; path=/path/2} 
        HTTP::header insert Set-Cookie {SESSIONID=BBBBBBBB; domain=.domain.com; path=/path/3} 
        HTTP::header insert Set-Cookie {SESSIONID=CCCCCCCC; domain=.domain.com; path=/path/4} 
      
        log local0. "Set-Cookie header values: [HTTP::header values Set-Cookie]" 
        log local0. "First Set-Cookie header which starts with SESSIONID: [lsearch -glob -inline [HTTP::header values Set-Cookie] "SESSIONID*"]" 
        log local0. "Last  Set-Cookie header which starts with SESSIONID: [lsearch -glob -inline -start end [HTTP::header values Set-Cookie] "SESSIONID*"]" 
      
        set set_cookie_header [lsearch -glob -inline -start end [HTTP::header values Set-Cookie] "SESSIONID*"] 
        log local0. "\$set_cookie_header: $set_cookie_header" 
         
         Remove all SESSIONID cookies 
        while {[HTTP::cookie exists SESSIONID]}{ 
           HTTP::cookie remove SESSIONID 
        } 
        log local0. "Set-Cookie values: [HTTP::header values Set-Cookie]" 
      
         Re-insert the last SESSIONID Set-Cookie header 
        HTTP::header insert Set-Cookie $set_cookie_header 
         
        log local0. "SESSIONID cookie: [HTTP::cookie SESSIONID]"    
     } 
     

     

    Log output:

    : Set-Cookie header values: {SESSIONID=AAAAAAAA; domain=.domain.com; path=/path/0} {keeper=don't delete; domain=.domain.com; path=/path/1} {SESSIONID=BBBBBBBB; domain=.domain.com; path=/path/2} {SESSIONID=CCCCCCCC; domain=.domain.com; path=/path/3}
    
    : First Set-Cookie header which starts with SESSIONID: SESSIONID=AAAAAAAA; domain=.domain.com; path=/path/0
    
    : Last Set-Cookie header which starts with SESSIONID: SESSIONID=CCCCCCCC; domain=.domain.com; path=/path/3
    
    : $set_cookie_header: SESSIONID=CCCCCCCC; domain=.domain.com; path=/path/3
    
    : Set-Cookie values: {keeper=don't delete; domain=.domain.com; path=/path/1}
    
    : SESSIONID cookie: CCCCCCCC