adding httponly flag in rule breaks the website

Question

When i apply a irule on https-VIP to add httponly flag for all cookies, the site stop working. Any idea ? 
i_rule :
when HTTP_RESPONSE {
  foreach mycookie [HTTP::cookie names] {
   HTTP::cookie httponly $mycookie enable
  }
}&nbsp;
Thanks&nbsp;

eey0re_68979 · Answer

The HttpOnly flag on a cookie means that the cookie is not visible to any JavaScript which runs in the browser. If setting it breaks your site, then that cookie must be used by scripts on the page.
Further reading: OWASP, MDN.

Forum Discussion

adding httponly flag in rule breaks the website

1 Reply

Recent Discussions

BIG-IP DNS: Check Status Of Multiple Monitors Against Pool Member

Open Redirection Mitigation

F5Access | MacOS Sonoma

enable tls1.2 on management interface on F5 ltm running version 10.x

[ASM] - what is "Browser Challenge file" ?

Related Content

Troubeshooting website connection

Fake website, Gmail guideline, GPS spoofing, OWASP LLM, Jan 1st–5th F5SIRT This Week in Security

F5 Websites Accessibility Survey

Getting Started with BIG-IP Next: Adding Instances to Central Manager

adding pool members in cli