Secure cookie iRule is not working as expected
We are using below iRule for making all cookie secure, but it is not working as expected. Below is the issue description. Help e in resolving this issue.
iRule:
when HTTP_RESPONSE {
set cookies [HTTP::cookie names]
Loop through each cookie by name in request
foreach aCookie $cookies {
Replace cookie name from list and set Secure Flag to Enable
log local0. "$aCookie, [HTTP::cookie value $aCookie]"
HTTP::cookie secure $aCookie enable
}
}
Issue description:
Below is the snippet of one of the set-cookie response.
Cookie sent by IIS server:
Set-Cookie USEREXIST=OMMONFRE; Expires=Sat, 18-May-2013 14:35:03 GMT; Path=/sso_admin; HttpOnly
Cookie after iRule execution:
USEREXIST=OMMONFRE;secure; Expires=Sat,;secure; 18-May-2013 14:35:03;secure; GMT;Secure; Path=/sso_admin; HttpOnly
Logs show that a single set-cookie is being interpreted as multiple set-cookie.
LT Logs:
May 13 09:15:21 tmm info tmm[6840]: Rule /Common/ir_securecookie_log : JSESSIONID, OLbwbxawwZJZVz85YLW+Ng__
May 13 09:15:22 tmm1 info tmm1[6841]: Rule /Common/ir_securecookie_log : USEREXIST, OMMONFRE
May 13 09:15:22 tmm1 info tmm1[6841]: Rule /Common/ir_securecookie_log : Expires, Sat,
May 13 09:15:22 tmm1 info tmm1[6841]: Rule /Common/ir_securecookie_log : GMT,
May 13 09:15:22 tmm1 info tmm1[6841]: Rule /Common/ir_securecookie_log : 18-May-2013, 14:03:16
Thanks,
Vivek.