Forum Discussion
There are conceivably two ways to do this. You could simply collect the cookies that the client sends in the request that signals the logoff sequence into a local variable. Because the HTTP_RESPONSE event should fire in the same TCP session, you'd have access to that local variable and could use it to delete the (known) cookies. Example:
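when HTTP_REQUEST {
    # Flag the logoff request and remember the cookie names the client sent
    if { [HTTP::uri] equals "/logoff.php" } {
        set logoff 1
        set incoming_cookies [HTTP::cookie names]
    }
}
when HTTP_RESPONSE {
    if { [info exists logoff] } {
        # Expire each cookie that was seen on the logoff request
        foreach x $incoming_cookies {
            HTTP::header insert Set-Cookie "$x=deleted; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT"
        }
        # Clear the flag so later responses on the same keep-alive connection are left alone
        unset logoff incoming_cookies
    }
}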
I say "known" cookies because it will only catch the cookies that the browser sends on that specific request. There could be others based on cookie path, domain, httponly, and secure attributes. To get those, you'd probably need to capture them as they're sent (via Set-Cookie header) and store them somewhere - like the APM session table. This method could get a bit more complex though, for example, if the application sent the same or a modified version of its cookies on every response. You wouldn't want to store all of those potentially redundant cookies, so you'd need to search for and replace the old ones in your table, and for each response.
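The second approach described in the post above, sketched as an iRule. This is an added example, not part of the original post; using the MRHSession cookie value as the session key, the `ck_` subtable prefix, and the 1800-second timeout are assumptions.

```tcl
# Added example (not the poster's code). Assumed: MRHSession as session key,
# "ck_" subtable prefix, 1800 s idle timeout.
when HTTP_REQUEST {
    set sid [HTTP::cookie value MRHSession]
    set logoff [expr { [HTTP::uri] equals "/logoff.php" }]
    # Default cookie path (RFC 6265): request path up to, not including, its last "/".
    set dpath [string range [HTTP::path] 0 [expr { [string last "/" [HTTP::path]] - 1 }]]
    if { $dpath eq "" } { set dpath "/" }
}
when HTTP_RESPONSE {
    if { $sid eq "" } { return }
    if { $logoff } {
        # Expire every recorded cookie with the Domain/Path it was originally set with;
        # a deletion only matches when those attributes match.
        foreach key [table keys -subtable "ck_$sid"] {
            set rec [table lookup -subtable "ck_$sid" $key]
            if { [llength $rec] != 3 } { continue }
            foreach {name domain path} $rec break
            set hdr "$name=deleted; Path=$path; Expires=Thu, 01 Jan 1970 00:00:00 GMT"
            if { $domain ne "" } { append hdr "; Domain=$domain" }
            HTTP::header insert Set-Cookie $hdr
        }
        table delete -subtable "ck_$sid" -all
        return
    }
    # Record each cookie the application sets. The key is name|domain|path, so a
    # cookie that is re-sent or modified overwrites its entry instead of piling up.
    foreach sc [HTTP::header values Set-Cookie] {
        set parts [split $sc ";"]
        set name [string trim [lindex [split [lindex $parts 0] "="] 0]]
        if { $name eq "" } { continue }
        set domain ""
        set path $dpath
        foreach attr [lrange $parts 1 end] {
            set kv [split $attr "="]
            set v [string trim [join [lrange $kv 1 end] "="]]
            switch -- [string tolower [string trim [lindex $kv 0]]] {
                domain { set domain [string tolower $v] }
                path   { set path $v }
            }
        }
        table set -subtable "ck_$sid" "$name|$domain|$path" [list $name $domain $path] 1800
    }
}
```

Cookies set before the session cookie exists (empty `sid`) are not recorded, so they would still need the request-based method from the first example.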