To set the "secure" attribute (but not the HTTPOnly attribute) on HTTP cookies, perform the following steps:
- Login to the admin console
- Navigate to Services > Virtual Servers > <Select HTTP(S) Virtual Servers> > Connection Management > Cookie Settings > cookie|secure
- Select dropdown for Set 'secure' tag"
- Click Update
For setting "HttpOnly" and/or Secure attributes, use the http.setResponseCookie()
API in a traffic script rule as follows.
$cookies = http.getResponseCookies();
foreach( $cookie in hash.keys( $cookies ) ) {
if( string.regexmatch( $cookie, "^X-Mapping-" ) ) {
http.setResponseCookie($cookie,$cookies[$cookie],"path=/; secure; HttpOnly");
}
}
Note that if the http.changesite() API is also being used, it will be required to
use http.sendResponse() instead of http.setresponsecookie() to set these flags as follows
http.sendResponse("301 Moved Permanently",
"text/html", "Go away",
"Location: https://www.redirect.com/redirect\rSet-Cookie: X-Mapping-jidfkjbo=; path=/; secure; HttpOnly");