arjen_kuindersm
Jul 15, 2015Nimbostratus
Adding secure and httponly to cookies with same cookiename
Hi
While implementing secure/httponly Cookies i have discovered that it's difficult to extract cookie name/values. I have the following code:
when CLIENT_ACCEPTED {
Check for SSL
if {[TCP::local_port] eq 443 } {
set makeCookieSecure 1
} else {
set makeCookieSecure 0
}
}
when HTTP_RESPONSE {
Secure Cookies / Httponly
set myValues [HTTP::cookie names]
foreach x $myValues {
set cookieName $x
set cookieValue [HTTP::cookie value $x]
log local0. "cookie: $x value $cookieValue"
HTTP::cookie remove $x
HTTP::cookie insert name $cookieName value $cookieValue path "/" version 1
if {$makeCookieSecure} {HTTP::cookie secure $x enable}
HTTP::cookie httponly $x enable
}
}
The code works, but when there are 2 cookies with the same name, the "set cookieValue [HTTP::cookie value $x]" retrieves the 1st cookie overwriting newer set values. Browsers can handle multiple cookies overwriting the cookie with the last value. Is there a way to extract the cookies from the headers as an index?