ltm rule command HTTP cookie
iRule(1) BIG-IP TMSH Manual iRule(1)
HTTP::cookie
Queries for or manipulates cookies in HTTP requests and responses.
SYNOPSIS
HTTP::cookie 'attribute' COOKIE_NAME (
('insert' ATTRIBUTE (VALUE)?) |
('exists' ATTRIBUTE) |
('value' ATTRIBUTE (VALUE)?) |
('remove' ATTRIBUTE) |
'names' |
'count')
HTTP::cookie 'comment' COOKIE_NAME (VALUE)?
HTTP::cookie 'commenturl' COOKIE_NAME (VALUE)?
HTTP::cookie 'count'
HTTP::cookie 'decrypt' COOKIE_NAME PASS ('128' | '192' | '256')?
HTTP::cookie 'domain' COOKIE_NAME (VALUE)?
HTTP::cookie 'encrypt' COOKIE_NAME PASS ('128' | '192' | '256')?
HTTP::cookie 'exists' COOKIE_NAME
HTTP::cookie 'expires' COOKIE_NAME (NONNEGATIVE_INTEGER
('absolute' | 'relative')? )?
HTTP::cookie 'httponly' COOKIE_NAME (BOOL_VALUE)?
HTTP::cookie 'insert'
'name' COOKIE_NAME
'value' VALUE
((('path' VALUE)
('domain' VALUE)
('version' ('0' | '1' | '2' | '3'))
)#
)?
HTTP::cookie 'maxage' COOKIE_NAME (VALUE)?
HTTP::cookie 'names'
HTTP::cookie 'path' COOKIE_NAME (VALUE)?
HTTP::cookie 'ports' COOKIE_NAME (VALUE)*
HTTP::cookie 'remove' COOKIE_NAME
HTTP::cookie 'sanitize' ('-attributes' | '-names')? (VALUE)*
HTTP::cookie 'secure' COOKIE_NAME (BOOL_VALUE)?
HTTP::cookie 'value' COOKIE_NAME (VALUE)?
HTTP::cookie 'version' COOKIE_NAME (VALUE)?
HTTP::cookie COOKIE_NAME_HTTP (VALUE)?
DESCRIPTION
Queries for or manipulates cookies in HTTP requests and responses. This command replaces the BIG-IP 4.X variable
http_cookie.
Syntax
HTTP::cookie names
* Returns a TCL list containing the names of all the cookies present in the HTTP headers.
HTTP::cookie count
* Returns the number of cookies present in the HTTP headers.
HTTP::cookie [value] [string]
* Sets or gets the value of an existing cookie with the given name. You can omit the keyword "value" from this command if the cookie name does not collide with any of the other commands. If the cookie does not exist when retrieving a cookie value, a null string will be returned.
HTTP::cookie version [version]
* Gets or sets the version of the cookie. If a version 0 cookie is created using HTTP::cookie insert with attributes, attempting to set the version with this command will generate a TCL error.
HTTP::cookie path [path]
* Sets or gets the cookie path.
HTTP::cookie domain [domain]
* Sets or gets the cookie domain.
HTTP::cookie ports [portlist]
* Sets or gets the cookie port lists for Version 2 cookies.
HTTP::cookie insert name value [path ] [domain ] [version <0 | 1 | 2>]
* In an HTTP response, adds an additional Set-Cookie header. In an HTTP request, adds an additional Cookie header (tested in 10.2.4). To make the request compliant with RFC 6265, use HTTP::header for cookie insertion. The default value for the version is 0. If the cookie already exists, a second cookie will be inserted (tested in 9.2.4).
HTTP::cookie remove
* Removes a cookie.
HTTP::cookie sanitize [attribute]+ HTTP::cookie sanitize <-attributes|-names>
* Removes all but the specified attributes from the specified cookie. If no attributes are specified, then the cookie attributes are not modified. The second format above is strictly for versions 11.0 and greater.
HTTP::cookie exists
* Returns a true value if the cookie exists.
HTTP::cookie maxage [seconds]
* Sets or gets the max-age. Applies to Version 1 and 2 cookies only, and applies to responses only.
HTTP::cookie expires [seconds] [absolute | relative]
* Sets or gets the expires attribute. Applies to Version 0 cookies only. If you specify the absolute argument, the seconds value represents number of seconds since the UNIX epoch (January 1, 1970). The default number of seconds is relative, which is the number of seconds from the current time. Applies to responses only.
HTTP::cookie comment [comment]
* Sets or gets the cookie comment. Applies to Version 1 and 2 cookies only, and applies to responses only.
HTTP::cookie secure [enable | disable]
* Sets or gets the value of the "secure" attribute. Applies to responses only. 'HTTP::cookie secure ' returns "enable" or "disable" depending on whether the secure flag is set. If 'HTTP::cookie secure enable' is used on a cookie which already has the secure flag set, no change is made to the cookie.
HTTP::cookie commenturl [commenturl]
* Sets or gets the comment URL. Applies only to Version 2 cookies, and applies to responses only.
HTTP::cookie encrypt ["128" | "192" | "256"]
* Encrypts the value for the given cookie using a key generated from the pass phrase. The default key length is 128. The encryption method is AES. For an example, check the Codeshare rule, EncryptingCookies.
Note that the performance of HTTP::cookie encrypt|decrypt is significantly lower than encrypting|decrypting cookies via a custom HTTP profile's cookie encryption option or using AES::encrypt|AES::decrypt to manually encrypt|decrypt the cookie values. This is due to differences in the encryption key generation.
HTTP::cookie decrypt ["128" | "192" | "256"]
* Decrypts the value for the given cookie using a key generated from the pass phrase. The default key length is 128. The encryption method is AES. For an example, check the Codeshare rule, EncryptingCookies.
Note that the performance of HTTP::cookie encrypt|decrypt is significantly lower than encrypting|decrypting cookies via a custom HTTP profile's cookie encryption option or using AES::encrypt|AES::decrypt to manually encrypt|decrypt the cookie values. This is due to differences in the encryption key generation.
Function returns the decrypted value.
HTTP::cookie httponly [enable | disable]
* Sets or gets the value of the "httponly" attribute. Applies to responses only, applies to version 1 and 2 cookies only, available only in v11+. 'HTTP::cookie httponly ' returns "enable" or "disable" depending on whether the httponly flag is set. If 'HTTP::cookie httponly enable' is used on a cookie which already has the httponly flag set, no change is made to the cookie.
HTTP::cookie attribute insert
* Appends a new attribute to a specified cookie.
HTTP::cookie attribute exists
* Returns a true value if the attribute for a specified cookie exists.
HTTP::cookie attribute value
* Sets a value or returns a value for the given attribute in a specified cookie.
HTTP::cookie attribute remove
* Removes the attribute with a given name in a specified cookie.
HTTP::cookie attribute names
* Returns a list of attributes for a specified cookie.
HTTP::cookie attribute count
* Returns a number of attributes for a specified cookie.
RETURN VALUE
VALID DURING
CACHE_REQUEST, CACHE_RESPONSE, HTTP_REQUEST, HTTP_REQUEST_DATA, HTTP_REQUEST_SEND, HTTP_RESPONSE, HTTP_RESPONSE_CONTINUE,
HTTP_RESPONSE_DATA, MR_INGRESS, MR_EGRESS
EXAMPLES
# Rename a cookie by inserting a new cookie name with the same value as the original. Then remove the old cookie.
when HTTP_REQUEST {
# Check if old cookie exists in request
if { [HTTP::cookie exists "old-cookie-name"] } {
# Insert a new cookie with the new name and old cookie's value
HTTP::cookie insert name "new-cookie-name" value [HTTP::cookie value "old-cookie-name"]
# Remove the old cookie
HTTP::cookie remove "old-cookie-name"
}
}
# Set the version to 1 first because HttpOnly can only be set for cookies with version 1 or 2 and the default version is 0:
# Set HttpOnly on all LTM and app generated cookies
when HTTP_RESPONSE {
set cookieNames [HTTP::cookie names]
foreach aCookie $cookieNames {
HTTP::cookie version $aCookie 1
HTTP::cookie httponly $aCookie enable
}
}
# Or just for one statically defined cookie:
when HTTP_RESPONSE {
HTTP::cookie version myCookie 1
HTTP::cookie httponly myCookie enable
}
HINTS
SEE ALSO
CHANGE LOG
@BIGIP-9.0.0 --First introduced the command. @BIGIP-12.0.0 --Added HTTP::cookie attribute.
BIG-IP 2022-04-12 iRule(1)