Setting a Cookie with Secure and HTTPOnly

system · July 12, 2011, 1:37am

Posted by TODDH

We are in the process of going through some compliance audits, and the cookies that the load balancers use to return packets to specific servers can contain the “secure” attribute but we don’t have a way to include the “httponly” attribute. Is there a way with an aFlex to set both?

Thanks,

-Todd-

deastman · February 22, 2012, 5:38pm

when HTTP\_RESPONSE \{
if \{ [HTTP::header exists "Set-Cookie"] \} \{
    set cookie\_value [HTTP::cookie "persistcookie"]

HTTP::cookie remove “persistcookie”

    HTTP::header insert "Set-Cookie" "persistcookie=$cookie\_value;path=/; HttpOnly; Secure"
\}
\}

Discussion		Replies	Views
Cookie Security (HTTPOnly-/Secure-Flag) ADC - Application Delivery	2	253	January 27, 2012
aFleX for cookies httponly with one exception aFleX cookie , aflex , http , slb-adc	2	94	February 4, 2016
Adding "HttpOnly" to Cookie aFleX	0	32	April 12, 2011
Secure and HttpOnly Cookies aFleX	1	252	December 11, 2013
AFLEX DEBUG aFleX	2	783	June 22, 2017

Setting a Cookie with Secure and HTTPOnly

Related topics