Forum Discussion
3 Replies
- rob_carrCirrostratus
System variable aren't getting created when /usr/share/ts/bin/add_del_internal add [cookie_secure_attr | cookie_httponly_attr] is run. Setting the value to 1 enables setting the flag, setting the value to 0 disables setting the flag.
I think this issue is worth a call to support, to see if there is an RFE.
- samstepCirrocumulus
You can modify ASM cookies and add SameSite attribute (or do any other header manipulation) using an iRule and HTP_RESPONSE_RELEASE event, see:
K14211: Using an iRule to parse post-ASM requests and responses
https://support.f5.com/csp/article/K14211
- HoolioRet. Employee
Here's an iRule that will set SameSite on cookies that the web app, ASM or other BIG-IP modules set via the Set-Cookie header:
https://devcentral.f5.com/s/articles/iRule-to-set-SameSite-for-compatible-clients-and-remove-it-for-incompatible-clients-LTM-ASM-APM
Aaron