Setting Cookie "HttpOnly" flag and Expires on Redirect and response
I ave a requirement to both set a cookie on redirect and insert a cookie on response. (at different points within my rule logic).
Both cookies will have the same content and need to have an expiry of 1hour and have the HttpOnly flag set.
I have had an inordinate amount of trouble getting this to work on 10.2. It seems its easy to set a cookie on response:
HTTP::cookie insert name $static::COOKIE_NAME value $COOKIE_VALUE path "/" domain $static::COOKIE_DOMAIN
HTTP::cookie expires $static::COOKIE_NAME 600 relative
But i also need to set the HttpOnly flag which (it seems) is impossible using HTTP::cookie in v10.x.??
Also, when i redirect, i need to do the same thing. Here, setting HttpOnly is easy, but now I am having problems trying to set the Expiry on the cookie!:
set COOKIE [format "%s=%s; path=/; domain=%s; Expires=%s HttpOnly" $COOKIE_VALUE $static::COOKIE_DOMAIN $static::COOKIE_EXPIRES]
HTTP::respond 302 Location "http://$DETECTED_DOMAIN" "Set-Cookie" $COOKIE
I find the browser doesn't return the cookie if the Expires flag is set.
Any idea whats going wrong here? Is there a simpler way to set these cookies that i'm unaware of?
Any help would be much appreciated!
Cheers..