cookie secure and http only -- All cookies that gets downloaded

Question

&nbsp;
i want to secure and http only all cookies when my application is accessed. Tried couple of irule link text and link text no luck. When i use irule similar to second thread, jsessionid cookie doesnt download and doesn't allow to login.&nbsp;
Apart from JSESSIONID,MEMBERNAME,PROGRAMCODE, mycookie (LTM generated) , i can see many cookies downloading and i want to secure all cookies. &nbsp;
Looking for expert advice and suggestion in resolving this ASAP. &nbsp;

maneesh_72711 · Answer

Check this link if you have not.¬†
https://devcentral.f5.com/s/feed/0D51T00006i7N5rSAE¬†

kai_wilke · Answer

Hi Habib,
you may try the iRule below to set the HttpOnly and Secure flags to every issued cookie...
when HTTP_RESPONSE {
    foreach cookie [HTTP::cookie names] {
        HTTP::cookie secure $cookie enable 
        HTTP::cookie httponly $cookie enable 
    }
}

Cheers, Kai

Forum Discussion

cookie secure and http only -- All cookies that gets downloaded

2 Replies

Recent Discussions

ASM instance creation

[ASM] - what is "Browser Challange file" ?

[ASM] - HTML5 Cross-Domain Request Enforcement - CLI command

Reverse Proxy Not Behaving

Stable Firmware for F5

Related Content

Cookie-based DDoS protection

Decoding the IPv4 address from the persistence cookie

2. SYN Cookie: Operation

1. SYN Cookie: Intro

Cookie Tampering Protection using F5 Distributed Cloud Platform