vADC Forum

New Contributor
Posts: 2
Registered: ‎11-12-2013
Accepted Solution

Need to mark x-mapping cookie with httponly flag

All,

Any assistance here would be greatly appreciated.

I have a need to flag or mark the x-mapping cookie which the Stingray 8.1 generates as "httponly."

For example, the response cookie which is sent may have a name of X-Mapping-edockdcg and I just need the script to intercept that cookie, parse it, leave all parameters the same, but add the "httponly" flag to it.

Please let me know if you need any more info.

Occasional Contributor
Posts: 7
Registered: ‎07-15-2013

Re: Need to mark x-mapping cookie with httponly flag

Sean,

  • Using the following as a response rule on the virtual server adds the "HttpOnly" flag to a new cookie.  Hopefully someone else can provide a way to append the "HttpOnly" flag to the X-Mapping cookie that gets set when using transparent session affinity.

$new_cookie = http.setResponseCookie( "HTTP_ONLY", "V5thaxebusejufre;path=/; HttpOnly" );



  • A second option is using the following TrafficScript response rule where the same cookie value from the X-Mapping cookie is also used for the HTTP_ONLY cookie.


$cookie = http.getResponseCookie( "X-Mapping-oajlgmia" );

log.info ( "Cookie value is:  " .$cookie );

http.setResponseCookie( "HTTP_ONLY", $cookie. ";path=/; HttpOnly" );


Mike

Brocadian
Posts: 2
Registered: ‎11-29-2012

Re: Need to mark x-mapping cookie with httponly flag

$cookies = http.getResponseCookies();
foreach( $cookie in hash.keys( $cookies ) ) {
    if( string.regexmatch( $cookie, "^X-Mapping-" ) ) {
       http.setResponseCookie($cookie,$cookies[$cookie],"path=/; HttpOnly");
    }
}

New Contributor
Posts: 2
Registered: ‎11-12-2013

Re: Need to mark x-mapping cookie with httponly flag

Thank you so much Chris. Let me plug this in and have it tested. Again, a million thanks!

N/A
Posts: 1
Registered: ‎02-19-2014

Re: Need to mark x-mapping cookie with httponly flag

I had a similar need, but slightly more complex. I needed all cookies coming from the servers to have both the secure and httponly flags set, but it was critical that the domain, path and expires options were kept. So I combined Chris Naccarato's script with the one listed on HowTo: Handle cookies in TrafficScript and my own thinking and came up with the following:


#Force HttpOnly and Secure flags for all cookies, but keep domain, path and expires.

$sc = http.getResponseHeader( "Set-Cookie" );

if ($sc != "") {

  # Build an array of cookies set by the server
  $cookies = [];
  foreach( $line in string.split( $sc, "\r\nSet-Cookie:" ) ) {
      $cookie = [];
      $kvs = string.split( $line, ";" );
      $a = string.trim( array.shift( $kvs ));
      $cookie["name"]  = string.left($a,string.find($a,"="));
      $cookie["value"] = string.right($a,string.len($a) - string.find($a,"=") - 1);
      while ( array.length ( $kvs ) > 0 ) {
        if ( string.regexmatch( string.trim( $kvs[0] ), "^path", "i" ) ) {
            $a = string.split( array.shift ( $kvs ), "=");
            $cookie["path"] = $a[1];
        } else if ( string.regexmatch( string.trim( $kvs[0] ), "^domain", "i" ) ) {
            $a = string.split( array.shift ( $kvs ), "=");
            $cookie["domain"] = $a[1];
        } else if ( string.regexmatch( string.trim( $kvs[0] ), "^expires", "i" ) ) {
            $a = string.split( array.shift ( $kvs ), "=");
            $cookie["expires"] = $a[1];
        } else if ( string.regexmatch( string.trim( $kvs[0] ), "^secure", "i" ) ) {
            $cookie["secure"] = array.shift ( $kvs );
        } else if ( string.regexmatch( string.trim( $kvs[0] ), "^httponly", "i" ) ) {
            $cookie["httponly"] = array.shift ( $kvs );
        } else if ( string.trim( $kvs[0] ) == "" ) {
            #ignore, blank cookie option
            array.shift( $kvs );
        } else {
            log.info( "Unknown cookie option: ".array.shift( $kvs )." for new cookie ".$cookie["name"] );
        }
      }
      array.push( $cookies, $cookie );
  }

  # Rebuild the cookies with the secure and HttpOnly flags before sending them to the browser
  foreach( $cookie in $cookies ) {
      $newcookieoptions = "";
      if ( string.trim( $cookie["domain"] ) != "" ) {
        $newcookieoptions = "domain=".$cookie["domain"]."; ";
      }
      if ( string.trim( $cookie["path"] ) != "" ) {
        $newcookieoptions = $newcookieoptions."path=".$cookie["path"]."; ";
      }
      if ( string.trim( $cookie["expires"] ) != "" ) {
        $newcookieoptions = $newcookieoptions."expires=".$cookie["expires"]."; ";
      }
      $newcookieoptions = $newcookieoptions." secure; HttpOnly";
      http.setResponseCookie( $cookie["name"],$cookie["value"],$newcookieoptions );
  }
}
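
Added example, not part of any post in this thread: a Python checker for testing the rules above offline, which reports the flags a Set-Cookie value is missing and rebuilds it with Secure and HttpOnly. It goes beyond the posted scripts by keeping every original attribute, including ones the last script only logs as unknown (Max-Age, SameSite). The function names and sample header values are constructed for illustration; only the X-Mapping-edockdcg name comes from the question.

```python
# Added example: audit and rewrite Set-Cookie values offline.
REQUIRED = ("Secure", "HttpOnly")


def parse_set_cookie(value):
    """Return (name, value, [(attr, attr_value or None), ...]) for one Set-Cookie value."""
    parts = [p.strip() for p in value.split(";")]
    # Only the first "=" separates the name from the value; values may contain "=".
    name, _, val = parts[0].partition("=")
    attrs = []
    for part in parts[1:]:
        if not part:          # blank option, e.g. a trailing ";"
            continue
        key, sep, attr_val = part.partition("=")
        attrs.append((key.strip(), attr_val.strip() if sep else None))
    return name.strip(), val.strip(), attrs


def missing_flags(value):
    """List the required flags that one Set-Cookie value lacks (case-insensitive)."""
    present = {key.lower() for key, _ in parse_set_cookie(value)[2]}
    return [flag for flag in REQUIRED if flag.lower() not in present]


def harden(value):
    """Rebuild the value with every original attribute kept and both flags set once."""
    name, val, attrs = parse_set_cookie(value)
    required = {flag.lower() for flag in REQUIRED}
    out = [f"{name}={val}"]
    out += [k if v is None else f"{k}={v}" for k, v in attrs if k.lower() not in required]
    return "; ".join(out + list(REQUIRED))


# Constructed sample headers (values are made up; the first name is from the question).
SAMPLE = [
    "X-Mapping-edockdcg=ABCDEF0123; path=/",
    "sid=a=b; Domain=example.test; Path=/app; Expires=Wed, 09 Jun 2027 10:18:14 GMT; httponly",
    "pref=1; Max-Age=3600; SameSite=Lax; Secure; HttpOnly;",
]

if __name__ == "__main__":
    for header in SAMPLE:
        print(missing_flags(header), "->", harden(header))
```

Feed it the Set-Cookie values captured from a response before and after the rule is enabled; an empty list from missing_flags means both flags are present.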

