HTTPOnly "attribute and secure "attribute

Question

Hello everyone&nbsp;
The report of my scan shows us the following errors:
- "The cookie does not contain the" HTTPOnly "attribute."
- "The cookie does not contain the" secure "attribute."
I added the following irula that works very well:
when HTTP_RESPONSE {
foreach mycookie [HTTP :: cookie names] {
HTTP :: cookie secure $ mycookie enable
}
}&nbsp;
But when I try to write the script secure cookie + httponly:
when HTTP_RESPONSE {
foreach mycookie [HTTP :: cookie names] {
HTTP :: cookie secure $ mycookie enable
HTTP :: httponly cookie $ mycookie enable
}
}&nbsp;
I have an error, can you help me?&nbsp;

lee_sutcliffe · Answer

Hi, looks to be a typo, try this:
HTTP_RESPONSE { 
    foreach mycookie [HTTP::cookie names] { 
        HTTP::cookie secure $mycookie enable 
        HTTP::cookie httponly $mycookie enable 
        } 
}

srini_87152 · Answer

if you running 12.x version,default you have option enable these on cookie level.&nbsp;
Thx
Srini&nbsp;

Forum Discussion

HTTPOnly "attribute and secure "attribute

2 Replies

Recent Discussions

F5Access | MacOS Sonoma

Active- Active HA setup

syslog server connection

Cannot see floating MAC address outside of ESXi

Rewrite uri translation not working

Related Content

How to use rest api to get the "Availability" attribute value of virtual server member without knowing its pool name

Insert "samesite = none" attribute in an existing iRule

Cookie Does Not Contain The "secure" Attribute on ltm vip

The cookie does not contain the "HTTPOnly" attribute.

iRule for RADIUS "calling station ID" attribute 31 (persistence)