Mark_Wallis_833
Apr 13, 2010 Nimbostratus
Cookies - HttpOnly, Secure and ASM
Hi,
I'm trying to use the iRule code below in our HTTP_RESPONSE event to ensure that the secure flag is enabled on all our outgoing Set-Cookie headers.
    foreach a_cookie [HTTP::cookie names] {
        HTTP::cookie secure $a_cookie enable
    }
Our application is setting the following cookie:
    Set-Cookie: JSESSIONID=2A8F571EA86877B1366F559BEB4F238A; Path=/; HttpOnly
Two questions.
1. The foreach loop is actually looping twice. The first time the cookie name is JSESSIONID. The second time the cookie name is HttpOnly. Has anyone found any issues with the iRule not parsing cookies correctly that contain the HttpOnly attribute?
2. We have ASM which inserts a TS????? cookie, but this cookie doesn't appear during the loop. I assume it isn't inserted until after the HTTP_RESPONSE event? Does anyone know a way to enable secure on the ASM cookie?
Thanks,
Mark.
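Added example, not part of the original post and not F5's code: a plain-Tcl sketch (runs in tclsh) of an attribute-aware rewrite that works on the raw Set-Cookie value, so a bare flag such as HttpOnly is treated as an attribute rather than as a cookie name. The proc name add_secure and all sample values except the JSESSIONID header from the post are assumptions made for illustration; on BIG-IP the values would be read from the response headers instead of a hard-coded list.

```tcl
# Added example: append Secure to a Set-Cookie value only when it is missing.
# add_secure is a hypothetical helper name, not an iRule command.
proc add_secure {set_cookie} {
    # The first ';'-separated field is name=value; everything after it is
    # an attribute. Skipping field 0 keeps a cookie that is merely *named*
    # "secure..." from being mistaken for one that carries the flag.
    set attrs [lrange [split $set_cookie ";"] 1 end]
    foreach attr $attrs {
        # Attribute names are case-insensitive. Flags such as HttpOnly and
        # Secure have no "=", so take the text before any "=" and trim it.
        set name [string tolower [string trim [lindex [split $attr "="] 0]]]
        if {$name eq "secure"} {
            # Already flagged: return the value unchanged.
            return $set_cookie
        }
    }
    # Drop any trailing "; " so the result does not contain an empty attribute.
    return "[string trimright $set_cookie "; "]; Secure"
}

# Constructed sample values. The first is the header quoted in the post;
# the others are made up to exercise the edge cases.
set samples [list \
    "JSESSIONID=2A8F571EA86877B1366F559BEB4F238A; Path=/; HttpOnly" \
    "theme=dark; Path=/; secure" \
    "lang=en" \
    "securetoken=abc; Path=/; HttpOnly;"]

foreach value $samples {
    puts "Set-Cookie: [add_secure $value]"
}
```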