Forum Discussion

trx's avatar
trx
Aug 04, 2010

How to set/detect/read cookies on the client machine

Hello All, I am trying to set a cookie and detect it on the client machine, but am having issues detecting the cookie. My goal is to send credentials over SSL and go back to HTTP after it's been validated. A couple of questions. 1) To set a cookie on the client machine, IRules must set the cookie on the HTTP_Response event, correct? ex) if { not ([HTTP::cookie exists "NAME"]) } { HTTP::cookie insert name "NAME" value "cookie exist" } 2) To check if the cookie exist on the client machine I would have to check cookie on the HTTP_REQUEST event, correct? if { ([HTTP::cookie exists "NAME"]) } { // 301 redirect } 3) Are the JSESSIONID cookies set on the server as well? If so where do they usually live? We are using WebSphere. Any help/direction is fully appreciated. Regards, TRX
application delivery
dev
devops
iRules

6 Replies

Sort By
  • hooleylist's avatar
    hooleylist
    Icon for Cirrostratus rankCirrostratus
    Aug 04, 2010
    Hi Trx,

     

     

    If you want to send a cookie to the client you'd set it in HTTP_RESPONSE. If you want to insert a cookie in the request sent to the pool, you'd do it in HTTP_REQUEST. To determine if the client included a cookie in the request, you'd check in HTTP_REQUEST. JSESSIONID cookies are set by the web app. They could be set as session cookies (no expiration time) or as persistent cookies (with an explicit expiry date). Session cookies are stored in memory while persistent cookies are stored on disk.

     

     

    You can use a browser plugin like HttpFox for Firefox or Fiddler for IE to view the cookies being received and sent on the client.

     

     

    Aaron
  • trx's avatar
    trx
    Aug 04, 2010
    When you say "....client included a cookie in the request...", what do you mean exactly? Where would I check for cookies on the client machine? Or does the user have to send the cookie with the user's request?

     

     

    Let me know.

     

     

    Thanks.

     

     

    Regards,

     

    TRX
  • hooleylist's avatar
    hooleylist
    Icon for Cirrostratus rankCirrostratus
    Aug 04, 2010
    You can check which cookies the client sends to LTM using an iRule which logs in HTTP_REQUEST: 

    
when HTTP_REQUEST {

   log local0. "[IP::client_addr]:[TCP::client_port]: [HTTP::method] request to [HTTP::host][HTTP::uri]"
   foreach cookie [HTTP::cookie names] {
      log local0. "[IP::client_addr]:[TCP::client_port]: Cookie $cookie = [HTTP::cookie value $cookie]"
   }
}

    To log the cookies in the response, you could use something similar:

    when HTTP_RESPONSE {

    log local0. "[IP::client_addr]:[TCP::client_port]: [HTTP::status] response with Set-Cookie headers: [HTTP::header values Set-Cookie]"

    }

    For details on cookies and where browsers store them, you can check these sites:

    http://www.cookiecentral.com/faq/3

    http://www.aboutcookies.org/Default.aspx?page=1

    Aaron
  • trx's avatar
    trx
    Aug 04, 2010
    Hello Aaron,

     

    Had another question/issue.

     

     

    When going from from http to https triggered by a form action URL, the user name and password ONLY gets across to the https VS, but the realm value is lost and cannot be preserved.URL

     

    What do you recommend the best method to post the realm value along with the credentials over https?

     

     

    ex) Please put in an random username/password

     

     

    http://www29.qad.com/partnercenter

     

     

    NOTE: If you view source you will the realm value as hidden and defaulted to "realm1".

     

     

    Is there way to retain user name and password using IRules and then concatenate the realm value

     

    to the post URL (i.e. http://www29.qad.com/partnercenter/?username;password,realm1....)

     

     

    Let me know your thoughts.

     

     

    Thanks in advance.

     

     

    Regards,

     

    Traolly Xiong
  • hooleylist's avatar
    hooleylist
    Icon for Cirrostratus rankCirrostratus
    Aug 05, 2010
    Hi TRX,

     

     

    See your other post for a response:

     

     

    http://devcentral.f5.com/Community/GroupDetails/tabid/1082223/asg/50/afv/topic/aft/1172821/aff/5/showtab/groupforums/Default.aspx

     

     

    Aaron