Reset Search



4998 - How to set HTTPOnly and/or Secure attributes on HTTP cookies for virtual Traffic Manager

« Go Back


Last Modified Date12/8/2017 12:17 AM
This article provides information how to set the HTTPOnly or secure attributes on HTTP cookies for vTM.
Problem or Goal

To set the "secure" attribute (but not the HTTPOnly attribute) on HTTP cookies, perform the following steps:

  1. Login to the admin console
  2. Navigate to Services > Virtual Servers > <Select HTTP(S) Virtual Servers> > Connection Management > Cookie Settings > cookie|secure
  3. Select dropdown for Set 'secure' tag"
  4. Click Update

For setting "HttpOnly" and/or Secure attributes, use the http.setResponseCookie() API in a traffic script rule as follows.

$cookies = http.getResponseCookies();
foreach( $cookie in hash.keys( $cookies ) ) {
if( string.regexmatch( $cookie, "^X-Mapping-" ) ) {
http.setResponseCookie($cookie,$cookies[$cookie],"path=/; secure; HttpOnly");

Note that if the http.changesite() API is also being used, it will be required to 
use http.sendResponse() instead of http.setresponsecookie() to set these flags as follows
http.sendResponse("301 Moved Permanently",
"text/html", "Go away",
"Location:\rSet-Cookie: X-Mapping-jidfkjbo=; path=/; secure; HttpOnly");
Related Links
Attachment 1 
Created ByVenkataKondaReddy Palem



Was this article helpful?



Please tell us how we can make this article more useful.

Characters Remaining: 255