hooleylist
Dec 14, 2007Cirrostratus
Manipulating a decrypted cookie value using HTTP::cookie decrypt
Hi,
I'm running into an issue on 9.2.4 when trying to get and potentially manipulate the unencrypted value of a cookie. I encrypt the cookie sent in the response using HTTP::cookie encrypt and then use this code in the HTTP_REQUEST event to decrypt it:
if {$::error_cookie_debug}{log local0. "Original error cookie value: [HTTP::cookie value $::error_cookie]"}
HTTP::cookie decrypt $::error_cookie $::cookie_pass 128
if {$::error_cookie_debug}{log local0. "Decrypted error cookie value: [HTTP::cookie value $::error_cookie]"}
The log output shows the encrypted value for both log entries:
Original error cookie value: hPMuQ/vZ3BwWZhe71UizCYaIirs0LFB3vKtchKRLWZGSNjLH
Decrypted error cookie value: hPMuQ/vZ3BwWZhe71UizCYaIirs0LFB3vKtchKRLWZGSNjLH
Is this because the cookie value is being cached? If so, is there a way to get the value of the decrypted cookie?
As a workaround, I've had to use AES::encrypt to set the value of the cookie in the response and then use AES::decrypt on the subsequent request. This limits the value of the HTTP::cookie encrypt/decrypt functions though.
Thanks in advance for any suggestions.
Aaron