Forum Discussion

MDPF52_180608's avatar
MDPF52_180608
Icon for Nimbostratus rankNimbostratus
Feb 02, 2015

iRule delete cookie value on a 302 redirect

Hello DevCentral Community,

 

I want to ask you how I can re-initialize a cookie in order to clean the value in it, like:

 

If i click on the logout URI my cookie "Cookie_Name" value will change to an empty value.

 

All of this stuff must be executed in a HTTP::respond 302 like:

 

HTTP::respond 302 Location $redirecturi Set-Cookie {cookie_name="Cookie_name"; Path=/; Expires=Thurs, 01-Jan-1970 00:00:00 GMT;}

 

How i can accomplish this ? Is possible to force the expiration of the cookie if the cookie is a Session-based time expiration ?

 

Thanks in advance ,

 

M.

 

13 Replies

  •  HTTP::respond 302 location "https://www.mydomain.com/" \
     Set-Cookie "MY_COOKIE_NAME=path=/; domain=.mydomain.com; Expires=Thu, 01-Jan-1970 00:00:00 GMT"

    Use the code above; replace the values as necessary. This will instruct client's web-browser to expire(invalidate) an existing session cookie MY_COOKIE_NAME.

     

    • MDPF52_180608's avatar
      MDPF52_180608
      Icon for Nimbostratus rankNimbostratus
      Thank you! Another little question, if i want to do it on multiple cookies, how can i accomplish this ? Thanks in advance, Best Regards, M.
    • MDPF52_180608's avatar
      MDPF52_180608
      Icon for Nimbostratus rankNimbostratus
      Extra info : i have the HttpOnly and Secure flags set on the cookies
  •  HTTP::respond 302 location "https://www.mydomain.com/" \
     Set-Cookie "MY_COOKIE_NAME=path=/; domain=.mydomain.com; Expires=Thu, 01-Jan-1970 00:00:00 GMT"

    Use the code above; replace the values as necessary. This will instruct client's web-browser to expire(invalidate) an existing session cookie MY_COOKIE_NAME.

     

    • MDPF52_180608's avatar
      MDPF52_180608
      Icon for Nimbostratus rankNimbostratus
      Thank you! Another little question, if i want to do it on multiple cookies, how can i accomplish this ? Thanks in advance, Best Regards, M.
    • MDPF52_180608's avatar
      MDPF52_180608
      Icon for Nimbostratus rankNimbostratus
      Extra info : i have the HttpOnly and Secure flags set on the cookies
  • You can accomplish the same for multiple cookies by adding more "Set-Cookie" headers (1 header per cookie to invalidate). If the solution works for you please mark it as answered to help other community members.

     HTTP::respond 302 location "https://www.mydomain.com/" \
     Set-Cookie "MY_COOKIE_NAME=path=/; domain=.mydomain.com; Expires=Thu, 01-Jan-1970 00:00:00 GMT" \
     Set-Cookie "MY_COOKIE_NAME2=path=/; domain=.mydomain.com; Expires=Thu, 01-Jan-1970 00:00:00 GMT" \
     Set-Cookie "MY_COOKIE_NAME3=path=/; domain=.mydomain.com; Expires=Thu, 01-Jan-1970 00:00:00 GMT"
    
    • MDPF52_180608's avatar
      MDPF52_180608
      Icon for Nimbostratus rankNimbostratus
      Thank you, but maybe i missed something because after the redirect i can see that the cookies are still present in my browser and the page returns me a 404 error code, how i can verify it ?
  • You can accomplish the same for multiple cookies by adding more "Set-Cookie" headers (1 header per cookie to invalidate). If the solution works for you please mark it as answered to help other community members.

     HTTP::respond 302 location "https://www.mydomain.com/" \
     Set-Cookie "MY_COOKIE_NAME=path=/; domain=.mydomain.com; Expires=Thu, 01-Jan-1970 00:00:00 GMT" \
     Set-Cookie "MY_COOKIE_NAME2=path=/; domain=.mydomain.com; Expires=Thu, 01-Jan-1970 00:00:00 GMT" \
     Set-Cookie "MY_COOKIE_NAME3=path=/; domain=.mydomain.com; Expires=Thu, 01-Jan-1970 00:00:00 GMT"
    
    • MDPF52_180608's avatar
      MDPF52_180608
      Icon for Nimbostratus rankNimbostratus
      Thank you, but maybe i missed something because after the redirect i can see that the cookies are still present in my browser and the page returns me a 404 error code, how i can verify it ?
  • Sorry but, when try the redirect it says Error 404 not found, how i can verify if my set cookie instruction is wrong and this is the cause of the error 404 ?

     

    What i should expect on the cookie ? Does the cookie should disappear ?

     

    Thanks in advance ,

     

    M.

     

    • Hannes_Rapp's avatar
      Hannes_Rapp
      Icon for Nimbostratus rankNimbostratus
      You are telling the web browser to invalidate the cookies with your HTTP 302 response (originating from F5). If the redirect destination replies back with HTTP 404, it does not matter - the cookies are already invalidated by then. However, for your solution to work, you must verify that the redirect destination does not re-insert the same cookies you've just invalidated. Look "Set-Cookie" headers in the HTTP 404 response. I recommend Chrome DEV tools, or Firefox's Firebug AddOn for the verification purpose.