Reset Search
 

 

Article

4998 - How to set HTTPOnly and/or Secure attributes on HTTP cookies for virtual Traffic Manager

« Go Back

Information

 
Last Modified Date12/8/2017 12:17 AM
Synopsis
This article provides information how to set the HTTPOnly or secure attributes on HTTP cookies for vTM.
Problem or Goal
Cause
Solution

To set the "secure" attribute (but not the HTTPOnly attribute) on HTTP cookies, perform the following steps:

  1. Login to the admin console
  2. Navigate to Services > Virtual Servers > <Select HTTP(S) Virtual Servers> > Connection Management > Cookie Settings > cookie|secure
  3. Select dropdown for Set 'secure' tag"
  4. Click Update

For setting "HttpOnly" and/or Secure attributes, use the http.setResponseCookie() API in a traffic script rule as follows.

$cookies = http.getResponseCookies();
foreach( $cookie in hash.keys( $cookies ) ) {
if( string.regexmatch( $cookie, "^X-Mapping-" ) ) {
http.setResponseCookie($cookie,$cookies[$cookie],"path=/; secure; HttpOnly");
}
}

Note that if the http.changesite() API is also being used, it will be required to 
use http.sendResponse() instead of http.setresponsecookie() to set these flags as follows
http.sendResponse("301 Moved Permanently",
"text/html", "Go away",
"Location: https://www.redirect.com/redirect\rSet-Cookie: X-Mapping-jidfkjbo=; path=/; secure; HttpOnly");
Related Links
Attachment 1 
Created ByVenkataKondaReddy Palem

Feedback

 

Was this article helpful?


   

Feedback

Please tell us how we can make this article more useful.

Characters Remaining: 255