Forum Discussion

MDPF52_180608's avatar
MDPF52_180608
Icon for Nimbostratus rankNimbostratus
Jan 26, 2015

iRule redirect with cookie removal

Hello DevCentral community,

 

I've a question for you, is possible to remove a cookie on a HTTP::respond 302 redirect ?

 

Like: if i click on the logout URI , i need to redirect to the homepage and delete the cookie

 

Thanks in advance,

 

Best Regards

 

M.

 

3 Replies

  • Hi MDPF52,

     

    you can remove a cookie from a redirect received from a pool member.

     

    But the client may still have a cookie stored in his browser cache and send it with a new request to the server.

     

    Would you please give us a bit more information about the traffic flow?

     

    Thanks, Stephan

     

  • Hi MDPF52,

    from my perspective it can just be overwritten but not be deleted (here is a sample):

     

    when RULE_INIT {
        set static::remove_cookie 1
    }
    
    when HTTP_RESPONSE {
    
        if { $static::remove_cookie == 1 } {
            if { [HTTP::cookie exists APPSESSIONID] } {
                HTTP::cookie remove APPSESSIONID
            }
            HTTP::cookie insert name APPSESSIONID value "loggedout" path "/" domain "cookietest.lb-net.bit" version 1
        }
    }
    

     

    Maybe this helps a bit. So if you test new incoming requests for the cookie and treat them according to your policies.

    Make sure to lookup your broswer cache for other domain or path specific cookie from your site. Maybe they need to be overwritten specifically.

    Thanks, Stephan

  • To add to what Stephan said, when we do things like this on a redirect, here's what my iRule generally looks like the following. Like Stephan said, you'll need to make sure you're removing the cookie with at right path (and at the right domain if you're setting domain level cookies anywhere)

     

    when HTTP_REQUEST {    
         ... prior code
       HTTP::respond 302 Location "Redirect URL" "Set-Cookie" "CookieName=deleted; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT"
       return
    }