Forum Discussion
The iRule adds the tag "Secure" to all "Set-Cookie" headers. This is done to avoid clients to use those cookie in case of being in a unsafe communication.
REF - https://en.wikipedia.org/wiki/Secure_cookie
KR,
Dario.
May 30, 2019
when HTTP_RESPONSE_RELEASE {
# Get all values of Set-Cookie headers
set unsafe_cookie_headers [HTTP::header values "Set-Cookie"]
# Remove the current unsafe Set-Cookie header
HTTP::header remove "Set-Cookie"
foreach set_cookie_header $unsafe_cookie_headers {
# Insert a new Set-Cookie header with '<value>; Secure' for each one (to securize)
HTTP::header insert "Set-Cookie" "${set_cookie_header}; Secure"
}
}
- May 31, 2019
The client is not going to use the cookie tagged as "Secure" if the communication is through HTTP (unsecure).
REF - https://en.wikipedia.org/wiki/Secure_cookie
I would appreciate if you rate my answer.
KR,
Dario.
- Blue_whaleMay 31, 2019Cirrocumulus
Dario thank you ,
what do you mean by unsafe communication ?