Oliviattt
Reputation: 11
F5 iRule to Secure Cookie with HTTPOnly and Secure but not contains cookie name="cnlfsid"
We need to Secure Cookie with HTTPOnly and Secure but not contains a cookie name ="cnlfsid"
Here is my code:
when HTTP_RESPONSE {
foreach x [HTTP::cookie names] {
set ckname $x
set ckvalue [HTTP::cookie value $x]
set ckpath [HTTP::cookie value path]
if {!($ckname equals "cnlfsid")} {
HTTP::cookie remove $x
HTTP::cookie insert name $ckname value $ckvalue path $ckpath version 1
HTTP::cookie secure $ckname enable
HTTP::cookie httponly $ckname enable
}
}
}
but it can't work. Can someone help me to fix it.
Many thanks
Upvotes: 1
Views: 2435
Answers (1)
jpvantuyl
Reputation: 604
The answer from the f5 forum noted in the comments is:
when HTTP_RESPONSE {
foreach x [HTTP::cookie names] {
if { $x equals "cnlfsid" } {
continue
}
set ckname $x
set ckvalue [HTTP::cookie value $x]
set ckpath [HTTP::cookie $x path]
HTTP::cookie remove $x
HTTP::cookie insert name $ckname value $ckvalue path $ckpath version 1
HTTP::cookie secure $ckname enable
HTTP::cookie httponly $ckname enable
}
}
Looks like the trick is the continue statement.
Upvotes: 0
Related Questions
- Add Secure and httpOnly Flags to Every Set-Cookie Response in Apache httpd
- Setting HTTPOnly flag on cookie in varnish 4
- Set HttpOnly attribute of a cookie as "True" using javascript
- How to set a Secure and HTTP Flag on a Cookie only when it doesnt have one? ( .htaccess )
- Insecure HTTP cookies
- HTTPoison with cookies
- Session Cookie without HttpOnly flag set
- set http only and secure flag for cookies in lighttpd
- Cookies set secureflag to true
- Cookie without Secure flag and HttpOnly flag set