Forum Discussion
The problem is that multiple "Set-Cookie"'s are in a single request, and when I do a [HTTP::cookie remove "Set-Cookie"], I'm clobbering a lot of other cookies. I imagine another potential problem is that I'm not always going to catch "sessionid" being set, because these functions operate only on the last "Set-Cookie" header.
The following code:
when HTTP_RESPONSE {
    # Log only when some Set-Cookie header mentions sessionid
    if { [HTTP::header values "Set-Cookie"] contains "sessionid" } {
        log local0. "Set-Cookie count: [HTTP::header count "Set-Cookie"]"
        log local0. "Set-Cookie value: [HTTP::header values "Set-Cookie"]"
    }
}
Produces the following output:
Dec 10 00:05:08 tmm tmm[2524]: Rule CookieMask2 : Set-Cookie count: 3
Dec 10 00:05:08 tmm tmm[2524]: Rule CookieMask2 : Set-Cookie value: {sessionid=; path=/; expires=Thu, 01-Jan-1970 00} 00 {00 GMT} {cadata=; path=/; expires=Thu, 01-Jan-1970 00} 00 {00 GMT} {BIGipServerPool_Exchange=2689860106.20480.0000; path=/}
Dec 10 00:05:18 tmm tmm[2524]: Rule CookieMask2 : Set-Cookie count: 3
Dec 10 00:05:18 tmm tmm[2524]: Rule CookieMask2 : Set-Cookie value: {sessionid=1b36c39b-2ae6-42cb-86b1-db030e2e65fe; path=/} {cadata="seeminglyrandomstringbutsanitizedjustincase="; HttpOnly; path=/} {sessionid=1b36c39b-2ae6-42cb-86b1-db030e2e65fe; path=/; path=/}
Which I believe proves this to be true. Also note that the first "sessionid" cookie is split up funny, which is preventing a pretty simple fix to this problem in my mind.
So, I don't believe I have the tools necessary with HTTP::header and HTTP::cookie to fix this. I see no way to nicely "step through" headers with duplicate names. Hoping someone can chime in on that.
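One way to step through duplicate Set-Cookie headers one at a time and drop only the ones named sessionid, as an added example that is not part of the original post. It assumes `HTTP::header values` returns one Tcl list element per Set-Cookie header; the variable names are illustrative.

```tcl
when HTTP_RESPONSE {
    # Nothing to do unless the response sets at least one cookie
    if { [HTTP::header count "Set-Cookie"] == 0 } { return }

    # Snapshot every Set-Cookie header value as a Tcl list
    set all_cookies [HTTP::header values "Set-Cookie"]

    set keep [list]
    set dropped 0
    foreach sc $all_cookies {
        # The cookie name is the text before the first "=" of the first
        # ";"-separated attribute, so "path" or "expires" never match
        set pair [string trim [lindex [split $sc ";"] 0]]
        set name [string trim [lindex [split $pair "="] 0]]
        if { $name eq "sessionid" } {
            incr dropped
        } else {
            lappend keep $sc
        }
    }

    # Rewrite the headers only when a sessionid cookie was actually present
    if { $dropped > 0 } {
        # Removes every Set-Cookie header, then restores the ones to keep
        HTTP::header remove "Set-Cookie"
        foreach sc $keep {
            HTTP::header insert "Set-Cookie" $sc
        }
        log local0. "Dropped $dropped sessionid Set-Cookie header(s), kept [llength $keep]"
    }
}
```

Matching on the parsed cookie name rather than on a substring keeps other cookies whose values happen to contain "sessionid" from being removed.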