cookie encryption iRule not working in v11
We have the following iRule in use in our v10 systems for cookie encryption and it is working fine:
priority 400
when CLIENT_ACCEPTED {
set static::passphrase "abcd1234"
}
when RULE_INIT {
set static::encryption_debug 2
if {[info exists static::global_encrypt_key_v1] and [string length $static::global_encrypt_key_v1]}{
if {$static::encryption_debug > 1}{log local0. "Using existing key: $static::global_encrypt_key_v1"}
} else {
set static::global_encrypt_key_v1 [AES::key 128]
if {$static::encryption_debug > 1}{log local0. "Created new encryption key: $static::global_encrypt_key_v1"}
}
}
when HTTP_RESPONSE {
foreach a_cookie [HTTP::cookie names] {
if {$a_cookie starts_with "BIGipServer" and $a_cookie ne "BIGipServerapache_indexes_pool"}{
HTTP::cookie encrypt $a_cookie $static::passphrase
persist cookie insert $a_cookie
}
}
}
when HTTP_REQUEST {
foreach a_cookie [HTTP::cookie names] {
if {$a_cookie starts_with "BIGipServer" and $a_cookie ne "BIGipServerapache_indexes_pool"}{
HTTP::cookie decrypt $a_cookie $static::passphrase
}
}
}
However, when upgrading to v11, the LTM was sending resets back to the server after every HTTP response, getting the following error message:
TCL error: /Common/cookie_encryption_rule - Operation not allowed. (line 1) (line 1) invoked from within "persist cookie insert $a_cookie" ("foreach" body line 4) invoked from within "foreach a_cookie [HTTP::cookie names] { if {$a_cookie starts_with "BIGipServer" and $a_cookie ne "BIGipServerapache_indexes_pool"}{ HTTP::co..."
In researching iRule differences for v11, all I can find are changes related to data groups. What part of the iRule is not supported in v11? How can I write the iRule in v11 to keep the encryption working?
Thanks,
Cole