iRule adding extra time to HTTP::cookie expires 1200 relative command

Question

We have an iRule which adds a version 0 cookie (suffice to say it has to be version 0 due to browser versions...) and also performs a HTTP::cookie expires  1200 relative.&nbsp;
However when I use firebug to view the cookie it shows an expiry time, not of 1200s into the future, but roughly 1300s into the future.&nbsp;
If I change the command to HTTP::cookie expires  1 relative which should mean it expires within 1 second the cookie arrives with an expiry of around 90s&nbsp;
The F5 has NTP enabled and has the correct time showing, the laptop also has NTP / correct time so I am at a loss to understand why the additional time being added to the cookie.&nbsp;
Is this a known bug or can somebody suggest something else I can check.&nbsp;
Regards&nbsp;

chris_fp · Answer

I have now tried this on 2 different F5's (virtual) - going to different back-ends etc, one running 11.3.1 and the other running 11.4.1 and they both exhibit the same behaviour!

kevin_davies_40 · Answer

Arent you missing a cookie name from that command?
HTTP::cookie expires cookiename 1 relative

nitass · Answer

it seems okay here. i am using 11.5.1. sgt is gmt+8.
// HTTP::cookie expires test 1 relative

config

root@(B6900-R69-S40)(cfg-sync Standalone)(Active)(/Common)(tmos) list ltm virtual bar
ltm virtual bar {
    destination 100.100.100.41:80
    ip-protocol tcp
    mask 255.255.255.255
    pool foo
    profiles {
        http { }
        tcp { }
    }
    rules {
        qux
    }
    source 0.0.0.0/0
    source-address-translation {
        type automap
    }
    vs-index 2
}
root@(B6900-R69-S40)(cfg-sync Standalone)(Active)(/Common)(tmos) list ltm rule qux
ltm rule qux {
    when HTTP_RESPONSE {
  HTTP::cookie insert name test value 1234 path / version 0
  HTTP::cookie expires test 1 relative
}
}

test

[root@client3 ~] date; curl -I http://100.100.100.41
Tue Aug  5 15:41:01 SGT 2014
HTTP/1.1 200 OK
Date: Tue, 05 Aug 2014 07:28:45 GMT
Server: Apache/2.2.3 (CentOS)
Last-Modified: Sun, 09 Feb 2014 08:39:51 GMT
ETag: "41879c-59-2a9c23c0"
Accept-Ranges: bytes
Content-Length: 89
Content-Type: text/html; charset=UTF-8
Set-Cookie: test=1234;expires=Tue, 05-Aug-2014 07:41:03 GMT;path=/;

// HTTP::cookie expires test 1300 relative

config

root@(B6900-R69-S40)(cfg-sync Standalone)(Active)(/Common)(tmos) list ltm rule qux
ltm rule qux {
    when HTTP_RESPONSE {
  HTTP::cookie insert name test value 1234 path / version 0
  HTTP::cookie expires test 1300 relative
}
}

test

[root@client3 ~] date; curl -I http://100.100.100.41
Tue Aug  5 15:42:29 SGT 2014
HTTP/1.1 200 OK
Date: Tue, 05 Aug 2014 07:30:13 GMT
Server: Apache/2.2.3 (CentOS)
Last-Modified: Sun, 09 Feb 2014 08:39:51 GMT
ETag: "41879c-59-2a9c23c0"
Accept-Ranges: bytes
Content-Length: 89
Content-Type: text/html; charset=UTF-8
Set-Cookie: test=1234;expires=Tue, 05-Aug-2014 08:04:10 GMT;path=/;

chris_fp · Answer

cookiename is the scrubbed version of what the cookie is actually called...

chris_fp · Answer

Yesterday one of the boxes appeared to be adding almost 120 seconds to the total. There does not appear to be any pattern to it

Forum Discussion

iRule adding extra time to HTTP::cookie expires <cookiename> 1200 relative command

8 Replies

Recent Discussions

Error when running bigip_command Playbook against LTM : Syntax Error: unexpected argument /bin/sh\n

Can iRule be used to perform exception of IPI category based on Geolocation

Can iRule mask the payload content on event logs of security

minimum tmos software version for connect CIS (openshift)

Chrome V 124+ on MacOS - Virtual Server Access Issue

Related Content

iRule to take cookie from HTTP Response into HTTP Request via table

Change cookie domain in HTTP::respond

Lightboard Lessons: HTTP Cookie SameSite Attribute

HTTP To HTTPS Cookie Persistence

Reorder Http Cookies