Forum Discussion
hooleylist
Jan 17, 2008Cirrostratus
Actually, it does look like the cookie value is modified by the encrypt and decrypt functions. I was getting confused by the HTTP::header and HTTP::cookie values being cached. You can decrypt the cookie value and save the output to a variable to workaround the problem with difficulty of cached values.
For example, using two different priorities shows the true value of the cookie changing without explicitly setting the cookie value to the output of HTTP::cookie encrypt.
when RULE_INIT {
set ::cookie_passphrase "some phrase"
set ::cookie_name "cookie_name"
set ::cookie_value "cookie_value"
}
when HTTP_REQUEST priority 500 {
HTTP::cookie insert name $::cookie_name value $::cookie_value
log local0. "500 Unencrypted cookie value: [HTTP::cookie value $::cookie_name]"
Encrypt cookie and save the encrypted value
set encrypted_value [HTTP::cookie encrypt $::cookie_name $::cookie_passphrase]
log local0. "500 \$encrypted_value: $encrypted_value"
log local0. "500 Correct cookie header value: [HTTP::header value Cookie]"
log local0. "500 Cached cookie value: [HTTP::cookie value $::cookie_name]"
}
when HTTP_REQUEST priority 501 {
log local0. "501 Encrypted test cookie value: [HTTP::cookie value $::cookie_name]"
log local0. "501 Cookie header with encrypted value: [HTTP::header value Cookie]"
}
when HTTP_REQUEST priority 502 {
Encrypt cookie and save the encrypted value
set decrypted_value [HTTP::cookie decrypt $::cookie_name $::cookie_passphrase]
log local0. "502 \$decrypted_value: $decrypted_value"
log local0. "502 Decrypted cookie header value: [HTTP::header value Cookie]"
log local0. "502 Decrypted cookie value: [HTTP::cookie value $::cookie_name]"
}
Log output:
: 500 Unencrypted cookie value: cookie_value: 500 $encrypted_value: f3lzsw7kqxIeu2vI6yy8eCITlBtuGboyFJ5D1ES0tzpxA98XJ90P: 500 Correct cookie header value: cookie_name=f3lzsw7kqxIeu2vI6yy8eCITlBtuGboyFJ5D1ES0tzpxA98XJ90P;: 500 Cached cookie value: cookie_value: 501 Encrypted test cookie value: f3lzsw7kqxIeu2vI6yy8eCITlBtuGboyFJ5D1ES0tzpxA98XJ90P: 501 Cookie header with encrypted value: cookie_name=f3lzsw7kqxIeu2vI6yy8eCITlBtuGboyFJ5D1ES0tzpxA98XJ90P;: 502 $decrypted_value: cookie_value: 502 Decrypted cookie header value: cookie_name=cookie_value;: 502 Decrypted cookie value: cookie_value
Aaron