
We need to secure cookies with HTTPOnly and Secure, but not the cookie named "cnlfsid".

Here is my code:

when HTTP_RESPONSE { 
    foreach x [HTTP::cookie names] {

        set ckname $x
        set ckvalue [HTTP::cookie value $x]
        set ckpath [HTTP::cookie value path]

        if {!($ckname equals "cnlfsid")} {
            HTTP::cookie remove $x
            HTTP::cookie insert name $ckname value $ckvalue path $ckpath version 1
            HTTP::cookie secure $ckname enable
            HTTP::cookie httponly $ckname enable    
        }
    }
}

But it doesn't work. Can someone help me fix it?

Many thanks

tuomastik
Oliviattt
  • Answered here: https://devcentral.f5.com/questions/f5-irule-to-secure-cookie-with-httponly-and-secure-but-not-contains-cookie-name-cnlfsid-53610 – Jason Rahm May 31 '17 at 04:38

1 Answer

The answer from the F5 forum noted in the comments is:

when HTTP_RESPONSE {
    foreach x [HTTP::cookie names] {
        if { $x equals "cnlfsid" } {
            continue
        }
        set ckname $x
        set ckvalue [HTTP::cookie value $x] 
        set ckpath [HTTP::cookie $x path]
        HTTP::cookie remove $x
        HTTP::cookie insert name $ckname value $ckvalue path $ckpath version 1
        HTTP::cookie secure $ckname enable
        HTTP::cookie httponly $ckname enable
    }
}

Looks like the trick is the continue statement.

jpvantuyl
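
One way to check the result from the client side, as an added example that is not part of the original answer or the F5 forum post: it parses Set-Cookie header values and reports every non-exempt cookie that lacks Secure or HttpOnly. The function names and the sample headers are constructed for illustration.

```python
# Added example: audit Set-Cookie headers against the policy the iRule is meant to enforce.
EXEMPT = {"cnlfsid"}               # cookie name taken from the question
REQUIRED = ("secure", "httponly")  # attribute names, compared case-insensitively


def parse_set_cookie(header):
    """Split one Set-Cookie header value into (name, set of lowercased attribute names)."""
    parts = [p.strip() for p in header.split(";")]
    name, _, _value = parts[0].partition("=")
    # Only the attribute *name* counts, so "Path=/secure" is not mistaken for Secure.
    attrs = {p.partition("=")[0].strip().lower() for p in parts[1:] if p}
    return name.strip(), attrs


def audit(headers, exempt=EXEMPT):
    """Return {cookie_name: [missing flags]} for each non-exempt cookie lacking a flag."""
    findings = {}
    for header in headers:
        name, attrs = parse_set_cookie(header)
        if name in exempt:
            continue  # same skip the iRule performs with `continue`
        missing = [flag for flag in REQUIRED if flag not in attrs]
        if missing:
            findings[name] = missing
    return findings


# Constructed sample header values (not captured from a real system).
BEFORE_IRULE = [
    "JSESSIONID=abc123; Path=/app",
    "pref=dark; Path=/secure; HttpOnly",
    "cnlfsid=xyz; Path=/",
]
AFTER_IRULE = [
    "JSESSIONID=abc123; Path=/app; Secure; HttpOnly",
    "pref=dark; Path=/secure; Secure; HttpOnly",
    "cnlfsid=xyz; Path=/",
]

if __name__ == "__main__":
    for label, headers in (("before", BEFORE_IRULE), ("after", AFTER_IRULE)):
        print(label, audit(headers))
```
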