Forum Discussion

Nimbostratus

Feb 01, 2016

Multiple Secure and HttpOnly attributes seen for cookie

Hi, I ran a curl command from a linux machine to a URL (on https) which is hosted on our BIG IP LTM. This virtual server has been set to add Secure, HttpOnly attributes to the cookie. However, I s...

Nacreous

Try using this iRule. It will not try to set secure or httponly if it is already set. What you are doing to manually changing the cookie payload without inspecting what is already there.

when HTTP_RESPONSE {
    foreach mycookie [HTTP::cookie names] {
        HTTP::cookie secure $mycookie enable
        HTTP::cookie httponly $mycookie enable
    }
}

https://devcentral.f5.com/wiki/iRules.HTTP__cookie.ashx

Brad_Parker_139

Nacreous

Feb 01, 2016

You don't necessarily have to persist on JESSIONID, but if you want to you can using universal persistence. https://support.f5.com/kb/en-us/solutions/public/7000/300/sol7392.html

Forum Discussion

Multiple Secure and HttpOnly attributes seen for cookie

Recent Discussions

BWC iRule

GTM Packet Capture command

Citrix XenServer Big-IP Upgrade help

BIG-IP DNS iRule issue with static variable

F5 ASM logging profile to specify source IP

Related Content

Multiple value seperator in saml Attribute

AD Authentication using multiple user attributes

How to add Httponly and Secure attributes to HTTP cookies (for 11.5.x)

Lightboard Lessons: HTTP Cookie SameSite Attribute

Add SameSite attribute to APM Cookies