Forum Discussion
Chad_Roberts_21
Nimbostratus
NimbostratusRemoving Duplicate Set-Cookie Definitions
Once again I come here with my hands open, hoping for someone to turn on the light over my head.
We've run into a scenario where our web servers sometimes send duplicate Set-Cookie definitions in the same transmission, and we would like to prevent this with the BIG-IPs. Using the Live HTTP Headers plugin in Firefox, we see it look something like this:
Set-Cookie: SESSIONID=AAAAABBBBBCCCCC; domain=.domain.com; path=/path/
Set-Cookie: SESSIONID=AAAAABBBBBCCCCC; domain=.domain.com; path=/path/
Set-Cookie: SESSIONID=AAAAABBBBBCCCCC; domain=.domain.com; path=/path/
In my example all values are the same, which is often the case, but sometimes they are not. We want to keep the last cookie definition and discard any previous one. What I want to prevent is having to use a variable to fetch the value and every possible attribute (domain, path, secure, httponly, etc), delete all of the cookie definitions, and redefine it again, as that seems like an awful lot of unnecessary processing. I'm looking for a way specifically to just delete the duplicates and leave the final one intact.
To make things interesting, I've noticed that HTTP::cookie definitions seem to work from the bottom up instead of from the top down, so a reference that will only match on one of them will match on the last one, complicating things a bit.
Do you have any suggestions?
hooleylistCirrostratus
What version are you running?
Aaron
Chad_Roberts_21I should have mentioned that... I'm running 9.4.4.- hooleylist
Hrm... the best option I can come up with is to get the last (or do you want the first?) Set-Cookie header value which starts with SESSIONID, save the value of the header, remove all SESSIONID cookies and then re-insert the Set-Cookie header with the SESSIONID you want to save.
Anyone else have ideas?
Aaron
when HTTP_RESPONSE { Insert some teest response headers HTTP::header insert Set-Cookie {SESSIONID=AAAAAAAA; domain=.domain.com; path=/path/1} HTTP::header insert Set-Cookie {keeper=don't delete; domain=.domain.com; path=/path/2} HTTP::header insert Set-Cookie {SESSIONID=BBBBBBBB; domain=.domain.com; path=/path/3} HTTP::header insert Set-Cookie {SESSIONID=CCCCCCCC; domain=.domain.com; path=/path/4} log local0. "Set-Cookie header values: [HTTP::header values Set-Cookie]" log local0. "First Set-Cookie header which starts with SESSIONID: [lsearch -glob -inline [HTTP::header values Set-Cookie] "SESSIONID*"]" log local0. "Last Set-Cookie header which starts with SESSIONID: [lsearch -glob -inline -start end [HTTP::header values Set-Cookie] "SESSIONID*"]" set set_cookie_header [lsearch -glob -inline -start end [HTTP::header values Set-Cookie] "SESSIONID*"] log local0. "\$set_cookie_header: $set_cookie_header" Remove all SESSIONID cookies while {[HTTP::cookie exists SESSIONID]}{ HTTP::cookie remove SESSIONID } log local0. "Set-Cookie values: [HTTP::header values Set-Cookie]" Re-insert the last SESSIONID Set-Cookie header HTTP::header insert Set-Cookie $set_cookie_header log local0. "SESSIONID cookie: [HTTP::cookie SESSIONID]" }Log output:
: Set-Cookie header values: {SESSIONID=AAAAAAAA; domain=.domain.com; path=/path/0} {keeper=don't delete; domain=.domain.com; path=/path/1} {SESSIONID=BBBBBBBB; domain=.domain.com; path=/path/2} {SESSIONID=CCCCCCCC; domain=.domain.com; path=/path/3} : First Set-Cookie header which starts with SESSIONID: SESSIONID=AAAAAAAA; domain=.domain.com; path=/path/0 : Last Set-Cookie header which starts with SESSIONID: SESSIONID=CCCCCCCC; domain=.domain.com; path=/path/3 : $set_cookie_header: SESSIONID=CCCCCCCC; domain=.domain.com; path=/path/3 : Set-Cookie values: {keeper=don't delete; domain=.domain.com; path=/path/1} : SESSIONID cookie: CCCCCCCC