istockchris_390
Dec 08, 2010Nimbostratus
Masking cookie names from the server
I have fighting sessionID cookies from two different applications. One uses a subdomain, the other uses the root domain. My work around idea is to hide the cookie using the root domain from the application that sets the subdomain cookie. These two application have two different virtual servers.
In order to try to implement this, I've created:
when HTTP_REQUEST{
if { [HTTP::cookie exists "sessionID"] and [HTTP::header "Cookie"] contains "sessionID" } {
log local0. "Should be mangling streams"
STREAM::disable
STREAM::expression "@sessionID@HiddensessionID@"
STREAM::enable
}
}
This just simply does nothing. Watching packets hit the server, "sessionID" is never re-written. However, I do end up with the logged message "Should be mangling streams".
Anyone know why this isn't working for me? It's important that I not delete any cookies, I just want to hide one when using a specific virtual server.