Learn F5 Technologies, Get Answers & Share Community Solutions Join DevCentral

Filter by:
  • Solution
  • Technology
Answers

Removing Duplicate Set-Cookie Definitions

Once again I come here with my hands open, hoping for someone to turn on the light over my head.

We've run into a scenario where our web servers sometimes send duplicate Set-Cookie definitions in the same transmission, and we would like to prevent this with the BIG-IPs. Using the Live HTTP Headers plugin in Firefox, we see it look something like this:

Set-Cookie: SESSIONID=AAAAABBBBBCCCCC; domain=.domain.com; path=/path/
Set-Cookie: SESSIONID=AAAAABBBBBCCCCC; domain=.domain.com; path=/path/
Set-Cookie: SESSIONID=AAAAABBBBBCCCCC; domain=.domain.com; path=/path/


In my example all values are the same, which is often the case, but sometimes they are not. We want to keep the last cookie definition and discard any previous one. What I want to prevent is having to use a variable to fetch the value and every possible attribute (domain, path, secure, httponly, etc), delete all of the cookie definitions, and redefine it again, as that seems like an awful lot of unnecessary processing. I'm looking for a way specifically to just delete the duplicates and leave the final one intact.

To make things interesting, I've noticed that HTTP::cookie definitions seem to work from the bottom up instead of from the top down, so a reference that will only match on one of them will match on the last one, complicating things a bit.

Do you have any suggestions?
0
Rate this Question

Answers to this Question

placeholder+image
USER ACCEPTED ANSWER & F5 ACCEPTED ANSWER
What version are you running?

Aaron
0
placeholder+image
USER ACCEPTED ANSWER & F5 ACCEPTED ANSWER
I should have mentioned that... I'm running 9.4.4.
0
placeholder+image
USER ACCEPTED ANSWER & F5 ACCEPTED ANSWER
Hrm... the best option I can come up with is to get the last (or do you want the first?) Set-Cookie header value which starts with SESSIONID, save the value of the header, remove all SESSIONID cookies and then re-insert the Set-Cookie header with the SESSIONID you want to save.

Anyone else have ideas?

Aaron

  
when HTTP_RESPONSE {

# Insert some teest response headers
HTTP::header insert Set-Cookie {SESSIONID=AAAAAAAA; domain=.domain.com; path=/path/1}
HTTP::header insert Set-Cookie {keeper=don't delete; domain=.domain.com; path=/path/2}
HTTP::header insert Set-Cookie {SESSIONID=BBBBBBBB; domain=.domain.com; path=/path/3}
HTTP::header insert Set-Cookie {SESSIONID=CCCCCCCC; domain=.domain.com; path=/path/4}

log local0. "Set-Cookie header values: [HTTP::header values Set-Cookie]"
log local0. "First Set-Cookie header which starts with SESSIONID: [lsearch -glob -inline [HTTP::header values Set-Cookie] "SESSIONID*"]"
log local0. "Last Set-Cookie header which starts with SESSIONID: [lsearch -glob -inline -start end [HTTP::header values Set-Cookie] "SESSIONID*"]"

set set_cookie_header [lsearch -glob -inline -start end [HTTP::header values Set-Cookie] "SESSIONID*"]
log local0. "\$set_cookie_header: $set_cookie_header"

# Remove all SESSIONID cookies
while {[HTTP::cookie exists SESSIONID]}{
HTTP::cookie remove SESSIONID
}
log local0. "Set-Cookie values: [HTTP::header values Set-Cookie]"

# Re-insert the last SESSIONID Set-Cookie header
HTTP::header insert Set-Cookie $set_cookie_header

log local0. "SESSIONID cookie: [HTTP::cookie SESSIONID]"
}


Log output:

<HTTP_RESPONSE>: Set-Cookie header values: {SESSIONID=AAAAAAAA; domain=.domain.com; path=/path/0} {keeper=don't delete; domain=.domain.com; path=/path/1} {SESSIONID=BBBBBBBB; domain=.domain.com; path=/path/2} {SESSIONID=CCCCCCCC; domain=.domain.com; path=/path/3}
<HTTP_RESPONSE>: First Set-Cookie header which starts with SESSIONID: SESSIONID=AAAAAAAA; domain=.domain.com; path=/path/0
<HTTP_RESPONSE>: Last Set-Cookie header which starts with SESSIONID: SESSIONID=CCCCCCCC; domain=.domain.com; path=/path/3
<HTTP_RESPONSE>: $set_cookie_header: SESSIONID=CCCCCCCC; domain=.domain.com; path=/path/3
<HTTP_RESPONSE>: Set-Cookie values: {keeper=don't delete; domain=.domain.com; path=/path/1}
<HTTP_RESPONSE>: SESSIONID cookie: CCCCCCCC
0