Kai_Wilke
MVP
Feb 25, 2016

Hi Simon,
below are two quick codings to sanitize duplicated instances (any number) of a given Set-Cookie...
    when HTTP_RESPONSE {
        if { [HTTP::header value "Set-Cookie"] ne "" } then {
            set cookie_name "MyCookie"
            # Count the Set-Cookie headers whose value starts with "MyCookie="
            set cookie_count [llength [lsearch -all -glob [HTTP::header values "Set-Cookie"] "$cookie_name=*"]]
            # Remove surplus instances until a single one is left
            while { $cookie_count > 1 } {
                set cookie_count [expr { $cookie_count - 1 }]
                HTTP::cookie remove $cookie_name
            }
        }
    }
... or ...
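    when HTTP_RESPONSE {
        if { [HTTP::header value "Set-Cookie"] ne "" } then {
            set cookie_name "MyCookie"
            # Collect the full Set-Cookie values that belong to this cookie
            set cookie_values [lsearch -inline -all -glob [HTTP::header values "Set-Cookie"] "$cookie_name=*"]
            set cookie_count [llength $cookie_values]
            # Only rewrite when duplicates exist; without this guard a response
            # that lacks the cookie would get an empty Set-Cookie header inserted
            if { $cookie_count > 1 } then {
                # Remove every instance, then re-insert the last value seen
                while { $cookie_count } {
                    set cookie_count [expr { $cookie_count - 1 }]
                    HTTP::cookie remove $cookie_name
                }
                HTTP::header insert "Set-Cookie" [lindex $cookie_values end]
            }
        }
    }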
Note: The first iRule will keep the first instance of "Set-Cookie" (better performance) and the second iRule would keep the last instance of "Set-Cookie" (according to RFC 6265).
Side Note: F5 uses AES to encrypt Cookie information and one of the major design goals of AES was to become somewhat resilient against differential cryptanalysis attacks (unlike DES). So your cookie will be pretty much secured against any (known) form of chosen- or well-known plaintext attacks...
Cheers, Kai
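
The following is an added example, not part of the original post or of F5's code: a small Python check that can be run against a captured response head to confirm whether a cookie name is still sent more than once, and which value a keep-first or keep-last cleanup would retain. It goes beyond the iRules above by covering every cookie name rather than one; the sample response and all function names are constructed for illustration.

```python
# Constructed sample response head (not taken from the thread).
SAMPLE_RESPONSE = (
    "HTTP/1.1 200 OK\r\n"
    "Content-Type: text/html\r\n"
    "Set-Cookie: MyCookie=first; Path=/; HttpOnly\r\n"
    "set-cookie: Other=abc; Path=/\r\n"
    "Set-Cookie: MyCookie=second; Path=/; HttpOnly\r\n"
    "Set-Cookie: MyCookie=third; Path=/; HttpOnly\r\n"
    "\r\n"
)


def set_cookie_values(raw_head):
    """Return every Set-Cookie value in order; header names are case-insensitive."""
    values = []
    for line in raw_head.split("\r\n")[1:]:   # skip the status line
        if not line:                           # blank line ends the header block
            break
        name, sep, value = line.partition(":")
        if sep and name.strip().lower() == "set-cookie":
            values.append(value.strip())
    return values


def group_by_cookie_name(values):
    """Map cookie-name -> list of full Set-Cookie values, in order of appearance."""
    groups = {}
    for value in values:
        # The cookie-name is everything before the first "=" of the first pair.
        cookie_name = value.split(";", 1)[0].partition("=")[0].strip()
        groups.setdefault(cookie_name, []).append(value)
    return groups


def duplicates(raw_head):
    """Names sent more than once, with the value each strategy would keep."""
    report = {}
    for name, vals in group_by_cookie_name(set_cookie_values(raw_head)).items():
        if len(vals) > 1:
            report[name] = {"count": len(vals), "keep_first": vals[0], "keep_last": vals[-1]}
    return report


def dedupe(raw_head, keep="last"):
    """Set-Cookie values left after cleanup (models the result set, not header order)."""
    index = 0 if keep == "first" else -1
    return [vals[index] for vals in group_by_cookie_name(set_cookie_values(raw_head)).values()]
```

An empty result from `duplicates()` on a response captured behind the virtual server indicates that no cookie name is being set twice.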