Using network-side scripting to remove client-side cookies

@quine overheard an interesting question that he offered via Twitter regarding cookies and BIG-IP. Specifically, someone was wondering whether BIG-IP automatically removes cookies from the browser.

Our team had a quick discussion because the question isn’t as straightforward as it first appears. On the surface the answer is an unequivocal “no”, because for an intermediary to just arbitrarily remove cookies would be a Very Bad Thing. But the ability to manipulate cookies is certainly something you can do using iRules, and if you implemented such functionality then the answer very well could be “yes”.

There are any number of reasons you might want to remove cookies via an intermediary like BIG-IP. It could be that the developer of the application inadvertently left out that functionality. It could be that the application is a purchased third-party application and the removal of cookies isn’t included but you really want to offer that functionality. It could be that you want to give users/visitors the ability to arbitrarily delete a cookie your application has set, just because you’re nice that way. Whatever the reason, removal of cookies – really any cookie manipulation – is simplicity itself using iRules:

   HTTP::cookie remove <name>

Really, that’s it. You’ll probably want more logic around it than that, but the core of the solution is just one simple command. Now I’d love to be able to say that this functionality is unique to iRules and F5, but it’s not. Pretty much any intermediary with network-side scripting capabilities should be able to perform this function as well. For example, Apache’s mod_headers can manipulate HTTP headers, including cookies. It looks like you could use the unset command to remove a cookie using a mod_headers configuration.
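Returning to iRules, here is one shape the "more logic around it" could take, as an added example that is not code from the original post. HTTP::cookie remove only edits the HTTP message passing through BIG-IP, so making the browser discard its stored copy also requires sending an expired Set-Cookie. The cookie name legacy_pref and Path=/ are assumptions for illustration.

```tcl
# Added example (not from the original post).
# Assumptions: the cookie is named "legacy_pref" and was originally set with Path=/
# and no Domain attribute. Adjust both to match how the application set it.

when HTTP_REQUEST {
    # Connection-scoped variables survive keep-alive requests, so reset the flag each time.
    set expire_in_browser 0

    if { [HTTP::cookie exists "legacy_pref"] } {
        # Strips the cookie from this request only: the application no longer sees it,
        # but the browser still holds its copy and will send it again next time.
        HTTP::cookie remove "legacy_pref"
        set expire_in_browser 1
    }
}

when HTTP_RESPONSE {
    # If the application tries to set the cookie again, drop that Set-Cookie.
    if { [HTTP::cookie exists "legacy_pref"] } {
        HTTP::cookie remove "legacy_pref"
    }

    if { $expire_in_browser } {
        # A browser deletes a stored cookie only when it receives a Set-Cookie with the
        # same name, Path and Domain and an expiry in the past.
        HTTP::header insert "Set-Cookie" "legacy_pref=; Path=/; Max-Age=0; Expires=Thu, 01 Jan 1970 00:00:00 GMT"
    }
}
```

If the original cookie carried a Domain attribute or a different Path, the expiring Set-Cookie must repeat them exactly, otherwise the browser treats it as a different cookie and keeps the old one.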

So the more precise answer to @quine’s question is: “Yes, but only if you tell it to.”

