NimbostratusDuring a review of www.testtest.com cookies for potential RWD checkout render we noticed that the F5 LTM and ASM cookies seem to be FQDN based (e.g., www.testtest.com) versus Top Level Domain based (e.g., .testtest.com). Is anyone aware of a mechanism to control the cookie level either at the profile, VCMP or appliance level?
CirrusHere the article to setup secure and httponly flags for asm cookies: https://support.f5.com/kb/en-us/solutions/public/13000/700/sol13787.html?sr=55049482
CirrusTo set the secure flag, you can use this code snippet :
when HTTP_RESPONSE {
foreach mycookie [HTTP::cookie names] {
HTTP::cookie secure $mycookie enable
}
}
NacreousHi,
In general, I prefer to have a VS layered VS architecture.
You apply the following irule to the Frontend VS :
when CLIENT_ACCEPTED {
virtual virtual_server_name
}
Then, on the same irule, you can change the domain of desired cookies :
when HTTP_RESPONSE {
foreach mycookie [HTTP::cookie names] {
HTTP::cookie domain $mycookie ".testtest.com"
}
}
You may also need to restrict to certain cookies only :
when HTTP_RESPONSE {
foreach mycookie [HTTP::cookie names] {
if { [class match $mycookie REWRITABLE_COOKIES] } {
HTTP::cookie domain $mycookie ".testtest.com"
}
}
}
Where REWRITABLE_COOKIES is a datagroup of type string.
NacreousNacreous
NimbostratusCirrusHi,
In general, I prefer to have a VS layered VS architecture.
You apply the following irule to the Frontend VS :
when CLIENT_ACCEPTED {
virtual virtual_server_name
}
Then, on the same irule, you can change the domain of desired cookies :
when HTTP_RESPONSE {
foreach mycookie [HTTP::cookie names] {
HTTP::cookie domain $mycookie ".testtest.com"
}
}
You may also need to restrict to certain cookies only :
when HTTP_RESPONSE {
foreach mycookie [HTTP::cookie names] {
if { [class match $mycookie REWRITABLE_COOKIES] } {
HTTP::cookie domain $mycookie ".testtest.com"
}
}
}
Where REWRITABLE_COOKIES is a datagroup of type string.
CirrusCirrusNimbostratus