Forum Discussion
Kai_Wilke
MVP
Feb 01, 2016Hi Sai,
the problem is caused by those cookies, who already have the "; Secure" and/or "; HttpOnly" option set.
To flush any existing cookie options, you could use a
[substr ${set_cookie_header} 0 ";"]
while substituting the new options...
when HTTP_RESPONSE {
set unsafe_cookie_headers [HTTP::header values "Set-Cookie"]
HTTP::header remove "Set-Cookie"
foreach set_cookie_header $unsafe_cookie_headers {
HTTP::header insert "Set-Cookie" "[substr ${set_cookie_header} 0 ";"]; Secure; HttpOnly"
}
}
Update: My update is still working... hehe^^ You should take a look to Brads approach. Although my iRule would work (in most cases), Brads approach is even more safe to use....
Cheers, Kai