aFleX for cookies httponly with one exception

lukamanka · January 27, 2016, 1:00pm

Hello,

I need to make a script aFleX for cookies with flag HTTPonly with one exception for cookie with name LID.

I tried to use aFleX like below:

when HTTP\_RESPONSE \{
if \{([HTTP::header exists "Set-Cookie"] and [HTTP::cookie contains "LID"])\} \{
set cookie\_value [HTTP::cookie "TestCookie1"]

HTTP::cookie remove “TestCookie1”

HTTP::header insert "Set-Cookie" "TestCookie1=$cookie\_value; secure"

  \} elseif \{[HTTP::header exists "Set-Cookie"]\} \{
set cookie\_value [HTTP::cookie "TestCookie"]

HTTP::cookie remove “TestCookie”

HTTP::header insert "Set-Cookie" "TestCookie=$cookie\_value; HttpOnly"

\}
\}

but it doesn’t work - every cookies don’t have the flag HTTPonly (secure)

dshin · February 3, 2016, 7:09pm

Do you use http or https?

If a cookie with secure flag transmitted by http, the browser would ignore the cookie.

lukamanka · February 4, 2016, 8:18am

It uses https

Discussion		Replies	Views
Cookie Security (HTTPOnly-/Secure-Flag) ADC - Application Delivery	2	251	January 27, 2012
Secure and HttpOnly Cookies aFleX	1	251	December 11, 2013
Setting a Cookie with Secure and HTTPOnly aFleX	1	502	February 22, 2012
AFLEX DEBUG aFleX	2	781	June 22, 2017
Adding "HttpOnly" to Cookie aFleX	0	31	April 12, 2011

aFleX for cookies httponly with one exception

Related topics