cookie encryption iRule not working in v11

We have the following iRule in use in our v10 systems for cookie encryption and it is working fine:

priority 400

when CLIENT_ACCEPTED {

set static::passphrase "abcd1234"

}

when RULE_INIT {

set static::encryption_debug 2

if {[info exists static::global_encrypt_key_v1] and [string length $static::global_encrypt_key_v1]}{

if {$static::encryption_debug > 1}{log local0. "Using existing key: $static::global_encrypt_key_v1"}

} else {

set static::global_encrypt_key_v1 [AES::key 128]

if {$static::encryption_debug > 1}{log local0. "Created new encryption key: $static::global_encrypt_key_v1"}

}

}

when HTTP_RESPONSE {

foreach a_cookie [HTTP::cookie names] {

if {$a_cookie starts_with "BIGipServer" and $a_cookie ne "BIGipServerapache_indexes_pool"}{

HTTP::cookie encrypt $a_cookie $static::passphrase

persist cookie insert $a_cookie

}

}

}

when HTTP_REQUEST {

foreach a_cookie [HTTP::cookie names] {

if {$a_cookie starts_with "BIGipServer" and $a_cookie ne "BIGipServerapache_indexes_pool"}{

HTTP::cookie decrypt $a_cookie $static::passphrase

}

}

}

However, when upgrading to v11, the LTM was sending resets back to the server after every HTTP response, getting the following error message:

TCL error: /Common/cookie_encryption_rule - Operation not allowed. (line 1) (line 1) invoked from within "persist cookie insert $a_cookie" ("foreach" body line 4) invoked from within "foreach a_cookie [HTTP::cookie names] { if {$a_cookie starts_with "BIGipServer" and $a_cookie ne "BIGipServerapache_indexes_pool"}{ HTTP::co..."

In researching iRule differences for v11, all I can find are changes related to data groups. What part of the iRule is not supported in v11? How can I write the iRule in v11 to keep the encryption working?

Thanks,

Cole