Forum Discussion

Daniel_Tremmel's avatar
Daniel_Tremmel
Icon for Altostratus rankAltostratus
Jun 04, 2014

APM iRule Event: insert Cookie after Logon Page

Hi all,

following situation: when a user wants to access an application server, the user has to authenticate via Active Directory. Then a cookie with the username and a random number will be added to the request and after that, the requests gets to the application server in the backend.

Logon Page via APM is working, also the ACCESS_POLICY_AGENT_EVENT, the question is how can I insert a cookie after the iRule Event in the APM Policy is triggered? "HTTP::cookie insert" is only working with HTTP_REQUEST and HTTP_RESPONSE, but if I do a 

when HTTP_REQUEST { HTTP::cookie insert name "MyCookie" value "MyValue" path "/" }

the cookie gets inserted right with loading the Logon Page, and thats too early because at this point I don't have all the information for the cookie.

best regards, Daniel

APM
application delivery
deployment
devops
iRules
LTM
security

11 Replies

Sort By
  • kunjan's avatar
    kunjan
    Icon for Nimbostratus rankNimbostratus
    Jun 04, 2014

    May be this;

    when ACCESS_ACL_ALLOWED {
  HTTP::cookie insert name "MyCookie" value "MyValue" path "/"
}
  • Daniel_Tremmel's avatar
    Daniel_Tremmel
    Icon for Altostratus rankAltostratus
    Jun 04, 2014

    just tried it with Firefox and Safari (cache and cookies cleared), in both browsers I don't get a cookie after login in... any ideas?

     

  • Daniel_Tremmel's avatar
    Daniel_Tremmel
    Icon for Altostratus rankAltostratus
    Jun 05, 2014

    The "problem" is that the backend application server only accepts requests when the client already has this special cookie with information about his username, his employee number, etc.

     

  • Daniel_Tremmel's avatar
    Daniel_Tremmel
    Icon for Altostratus rankAltostratus
    Jun 06, 2014

    I can confirm that I get no error message regarding syntax or stuff like that, but there's simply no cookie added after accessing the backend server.

    I used

    when HTTP_REQUEST_SEND {

    clientside {

    HTTP::cookie insert name "meinNeuesCookie" value "abc12345" path "/"

    }

    }

    Without "clientside" I get an syntax error...

  • kunjan's avatar
    kunjan
    Icon for Nimbostratus rankNimbostratus
    Jun 06, 2014

    You may need both, one to insert the cookie to the application server and the other to set the cookie back to the client browser. And some logic avoid the repeat.

    when HTTP_REQUEST {
  set flag 0
  if { [HTTP::cookie MyCookie] ne "" }{
     set flag 1
  }
}

when ACCESS_ACL_ALLOWED {
  if { $flag eq 0 }{
     HTTP::cookie insert name "MyCookie" value "MyValue" path "/"
  }
}

when HTTP_RESPONSE {
  if { $flag eq 0 }{
      HTTP::header insert "Set-Cookie"  "MyCookie=MyValue;path=/"
  }
  unset flag
}
  • Daniel_Tremmel's avatar
    Daniel_Tremmel
    Icon for Altostratus rankAltostratus
    Jun 10, 2014

    Hi kunjan,

     

    thanks for your code, we've tested it but it seems that the cookie gets only inserted at HTTP_RESPONSE, after the server response. Our web application on the backend server checks if our cookie exists on first request, and if not it gives us a different response. After reloading the page in the active browser session, the application has recognized the cookie, which means that the cookie gets inserted after the first request.

     

    As said above, I need to manipulate the first request so that the cookie is already be there when it gets to the web application.

     

    Why do you need the "Set-Cookie" header, what is it for?