Automatically Removing Cookies

posted on Wednesday, July 08, 2009 3:43 AM

Using network-side scripting to remove client-side cookies

@quine overhead an interesting question that he offered via Twitter regarding cookies and BIG-IP. Specifically someone was wondering whether BIG-IP automatically removes cookies from the browser.

Our team had a quick discussion because the question isn’t as straight-forward as it first appears. On the surface the answer is an unequivocal “no”, because for an intermediary to just arbitrarily remove cookies would be a Very Bad Thing. But the ability to manipulate cookies is certainly something you can do using iRules, and if you implemented such functionality then the answer very well could be “yes”.

There are any number of reasons you might want to remove cookies via an intermediary like BIG-IP. It could be that the developer of the application inadvertently left out that functionality. It could be that the application is a third party purchased application and the removal of cookies isn’t included but you really want to offer that functionality. It could be that you want to give users/visitors the ability to arbitrarily delete a cookie your application has set, just because you’re nice that way. Whatever the reason, removal of cookies – really any cookie manipulation -- is simplicity itself using iRules:

when HTTP_RESPONSE {
HTTP::cookie remove <cookiename>
}

Really, that’s it. You’ll probably want more logic around it than that, but the core of the solution is just one simple command. Now I’d love to be able to say that this functionality is unique to iRules and F5, but it’s not. Pretty much any intermediary with network-side scripting capabilities should be able to perform this function as well. For example, Apache’s mod_header can manipulate HTTP headers, including cookies. It looks like you could use the command unset to remove a cookie using a mod_header configuration.

So the more precise answer to @quine’s question is: “Yes, but only if you tell it to.”

Technorati Tags: MacVittie,F5,cookies,big-ip,http,web,application,development,mod_header,apache,twitter

Related blogs & articles:

Posted In: iRules, Development and General,

2 Comments

Feedback

8/16/2010 10:26 AM
		My concern, is since we from time to time have to fail one LTM to the other on the cluster and back to unlock a virtual server, is does the stack for cookies on each pool member have a limit, and does it dump cookies after that limit? larry
Larry Dalton

8/24/2010 1:04 PM
		Hi Larry, Cookies are stored on the client, so there's really no limit on the LTM regarding them and in fact it is just this scenario that is well-served by cookies on the client as they can maintain vital connection information during a fail-over. If you were thinking more of the persistence table (which often takes advantages of cookies) then there is a theoretical limit on that table but it should not be impacted unless the LTM itself is rebooted or in the case of an LTM --> LTM failover if there is a problem with session mirroring. Hope that helps! Lori
macvittie

Let Me Know What You Think

Please use the form below if you have any comments, questions, or suggestions.

Title:

Name:

Email: (so we can show your gravatar)

Website:

Comment: Allowed tags: blockquote, a, strong, em, p, u, strike, super, sub, code

Remember Me?

Enter the code shown above:

Please add 2 and 2 and type the answer here:

		General SOA
		SOA Delivery
		Randomness
		Web 2.0
		Security
		iRules
		iControl
		Development and General
		Monitoring/Management
		XML
		ISV Solutions
		Microsoft Solutions
		Performance
		Cloud Computing
		Virtualization
		WILS
		Infrastructure 2.0
		F5 Friday
		Data Center Feng Shui
		Dynamic Infrastructure
		Load balancing
		Service Providers
		1024 Words
		v10.2.2
		v11
		JSON
		HTML5
		Mobile
		iApp
		Availability
		Storage
		DDoS
		AppSec
		TradSec

		February, 2012 (2)
		January, 2012 (13)
		December, 2011 (9)
		November, 2011 (12)
		October, 2011 (14)
		September, 2011 (14)
		August, 2011 (16)
		July, 2011 (12)
		June, 2011 (14)
		May, 2011 (12)
		April, 2011 (16)
		March, 2011 (16)
		February, 2011 (12)
		January, 2011 (14)
		December, 2010 (12)
		November, 2010 (14)
		October, 2010 (14)
		September, 2010 (13)
		August, 2010 (13)
		July, 2010 (18)
		June, 2010 (22)
		May, 2010 (22)
		April, 2010 (19)
		March, 2010 (23)
		February, 2010 (20)
		January, 2010 (17)
		December, 2009 (16)
		November, 2009 (20)
		October, 2009 (22)
		September, 2009 (21)
		August, 2009 (25)
		July, 2009 (18)
		June, 2009 (20)
		May, 2009 (20)
		April, 2009 (21)
		March, 2009 (23)
		February, 2009 (17)
		January, 2009 (19)
		December, 2008 (17)
		November, 2008 (18)
		October, 2008 (27)
		September, 2008 (32)
		August, 2008 (31)
		July, 2008 (30)
		June, 2008 (33)
		May, 2008 (30)
		April, 2008 (24)
		March, 2008 (5)
		February, 2008 (4)
		January, 2008 (8)
		December, 2007 (5)
		November, 2007 (6)
		October, 2007 (3)
		September, 2007 (5)
		August, 2007 (7)
		July, 2007 (7)
		June, 2007 (5)
		May, 2007 (11)
		April, 2007 (9)
		March, 2007 (7)
		February, 2007 (10)
		January, 2007 (5)
		December, 2006 (4)
		November, 2006 (8)