Forum Discussion
What_Lies_Bene1
May 23, 2014Cirrostratus
Based on the information here the HTTP::cookie command isn't too reliable: https://devcentral.f5.com/questions/how-to-properly-insert-httponly-and-secure-cookie-directives.
I'd highly recommend you use something like this (from that article) but you'll need to add a check to see if those attributes already exist;
set unsafe_cookie_headers [HTTP::header values "Set-Cookie"]
HTTP::header remove "Set-Cookie"
foreach set_cookie_header $unsafe_cookie_headers {
HTTP::header insert "Set-Cookie" "${set_cookie_header}; Secure; HttpOnly"
}