Learn F5 Technologies, Get Answers & Share Community Solutions Join DevCentral

Filter by:
  • Solution
  • Technology
Answers

How to mark cookies as secure?

Hello Guys,

I have an issue where I need to make sure that cookies are marked as secure. I'm using a standard SSL offloading.

Is there are way to do this via an irule perhaps?

Thanks in advance, Lucas

0
Rate this Question

Answers to this Question

placeholder+image
USER ACCEPTED ANSWER & F5 ACCEPTED ANSWER

Lucas, have you seen this solution: Setting the secure attribute for HTTP cookies

Does this meet your needs?

N

0
Comments on this Answer
Comment made 08-Feb-2017 by Lucas_Kaczmarski 130

Hi Nathan,

Yes I've seen this article. Do I need to specify a cookie name here?

when HTTP_RESPONSE { foreach mycookie [HTTP::cookie names] { HTTP::cookie secure $mycookie enable } }

I want all cookies to be marked secure. Sorry I'm not very good at irules!

Thanks, Lucas

0
Comment made 08-Feb-2017 by nathan 6519

the foreach command is creating a look and a variable, as such, for each cookie you have. so it parses all the cookie names, sets them individually as mycookie variable and then secures them, it loops back around then. At least that's my crude attempt at reading the irule.

0
placeholder+image
USER ACCEPTED ANSWER & F5 ACCEPTED ANSWER

Yep, nathan is correct:

HTTP::cookie names

Returns a TCL list containing the names of all the cookies present in the HTTP headers.

reference

0
Comments on this Answer
Comment made 08-Feb-2017 by RiverFish 324

However, I usually try to make the application owners set their own cookie attributes when possible.

0
Comment made 08-Feb-2017 by Lucas_Kaczmarski 130

Thanks guys, I'll test and let you know!

0