mr_skater99_640
Mar 03, 2010Nimbostratus
Stripping Cookies
We have an off the shelf product that sets to many cookies and cookies on all domains configured in the product (these aren't needed). We're trying to tidy some of this up and we've got some of it working,
when HTTP_RESPONSE {
if { [HTTP::header "server"] equals "blah" } {
set cookies [HTTP::cookie names]
foreach aCookie $cookies {
if {[string tolower $aCookie] equals "offending_cookie"} {
HTTP::cookie remove $aCookie
}
}
}
}
This strips all "offending_cookie". What we need to do now is strip cookies that are for anything other than the domain the request was made on.
I tried the following to see if i could remove a cookie with an offending domain (my intention was once this was working to then make it dynamic to pick up the domain the request was made on and go that way).
when HTTP_RESPONSE {
if { [HTTP::header "server"] equals "blah" } {
set cookies [HTTP::cookie names]
foreach aCookie $cookies {
set cookieDomain [HTTP::cookie domain $aCookie]
if {[string tolower $aCookie] equals "offending_cookie"} {
HTTP::cookie remove $aCookie
} elseif {$cookieDomain contains ".bad.domain.com"} {
HTTP::cookie remove $aCookie
}
}
}
}
But this doesn't work - any pointers????
Cheers.