Need to mark x-mapping cookie with httponly flag

SOLVED
sean.vu-tran
New Contributor

Need to mark x-mapping cookie with httponly flag

All,

Any assistance here would be greatly appreciated.

I have a need to flag or mark the x-mapping cookie which the Stingray 8.1 generates as "httponly."

For example, the response cookie which is sent may have a name of X-Mapping-edockdcg and I just need the script to intercept that cookie, parse it, leave all parameters the same, but add the "httponly" flag to it.

Please let me know if you need any more info.

1 ACCEPTED SOLUTION

Accepted Solutions
cnaccarato
Not applicable

Re: Need to mark x-mapping cookie with httponly flag

$cookies = http.getResponseCookies();
foreach( $cookie in hash.keys( $cookies ) ) {
    if( string.regexmatch( $cookie, "^X-Mapping-" ) ) {
       http.setResponseCookie($cookie,$cookies[$cookie],"path=/; HttpOnly");
    }
}


4 REPLIES 4
michael.g.zuckerman
Occasional Contributor

Re: Need to mark x-mapping cookie with httponly flag

Sean,

  • Using the following as a response rule on the virtual server adds the "HttpOnly" flag to a new cookie.  Hopefully someone else can provide a way to append the "HttpOnly" flag to the X-Mapping cookie that gets set when using transparent session affinity.

$new_cookie = http.setResponseCookie( "HTTP_ONLY", "V5thaxebusejufre;path=/; HttpOnly" );


  • A second option is using the following TrafficScript response rule where the same cookie value from the X-Mapping cookie is also used for the HTTP_ONLY cookie.


$cookie = http.getResponseCookie( "X-Mapping-oajlgmia" );
log.info ( "Cookie value is:  " .$cookie );
http.setResponseCookie( "HTTP_ONLY", $cookie. ";path=/; HttpOnly" );

Mike

sean.vu-tran
New Contributor

Re: Need to mark x-mapping cookie with httponly flag

Thank you so much Chris. Let me plug this in and have it tested. Again, a million thanks!

mennog
Occasional Visitor

Re: Need to mark x-mapping cookie with httponly flag

I had a similar need, but slightly more complex. I needed all cookies coming from the servers to have both the secure and httponly flags set, but it was critical that the domain, path and expires options were kept. So I combined Chris Naccarato's script with the one listed on HowTo: Handle cookies in TrafficScript and my own thinking and came up with the following:


#Force HttpOnly and Secure flags for all cookies, but keep domain, path and expires.
$sc = http.getResponseHeader( "Set-Cookie" );
if ($sc != "") {
  # Build an array of cookies set by the server
  $cookies = [];
  foreach( $line in string.split( $sc, "\r\nSet-Cookie:" ) ) {
      $cookie = [];
      $kvs = string.split( $line, ";" );
      $a = string.trim( array.shift( $kvs ));
      $cookie["name"]  = string.left($a,string.find($a,"="));
      $cookie["value"] = string.right($a,string.len($a) - string.find($a,"=") - 1);
      while ( array.length ( $kvs ) > 0 ) {
        if ( string.regexmatch( string.trim( $kvs[0] ), "^path", "i" ) ) {
            $a = string.split( array.shift ( $kvs ), "=");
            $cookie["path"] = $a[1];
        } else if ( string.regexmatch( string.trim( $kvs[0] ), "^domain", "i" ) ) {
            $a = string.split( array.shift ( $kvs ), "=");
            $cookie["domain"] = $a[1];
        } else if ( string.regexmatch( string.trim( $kvs[0] ), "^expires", "i" ) ) {
            $a = string.split( array.shift ( $kvs ), "=");
            $cookie["expires"] = $a[1];
        } else if ( string.regexmatch( string.trim( $kvs[0] ), "^secure", "i" ) ) {
            $cookie["secure"] = array.shift ( $kvs );
        } else if ( string.regexmatch( string.trim( $kvs[0] ), "^httponly", "i" ) ) {
            $cookie["httponly"] = array.shift ( $kvs );
        } else if ( string.trim( $kvs[0] ) == "" ) {
            #ignore, blank cookie option
            array.shift( $kvs );
        } else {
            log.info( "Unknown cookie option: ".array.shift( $kvs )." for new cookie ".$cookie["name"] );
        }
      }
      array.push( $cookies, $cookie );
  }
  # Rebuild the cookies with the secure and HttpOnly flags before sending them to the browser
  foreach( $cookie in $cookies ) {
      $newcookieoptions = "";
      if ( string.trim( $cookie["domain"] ) != "" ) {
        $newcookieoptions = "domain=".$cookie["domain"]."; ";
      }
      if ( string.trim( $cookie["path"] ) != "" ) {
        $newcookieoptions = $newcookieoptions."path=".$cookie["path"]."; ";
      }
      if ( string.trim( $cookie["expires"] ) != "" ) {
        $newcookieoptions = $newcookieoptions."expires=".$cookie["expires"]."; ";
      }
      $newcookieoptions = $newcookieoptions." secure; HttpOnly";
      http.setResponseCookie( $cookie["name"],$cookie["value"],$newcookieoptions );
  }
}
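
Added example (not part of any post in this thread and not TrafficScript): a Python check for verifying a cookie rewrite rule like the ones above, by comparing Set-Cookie values captured before and after the rule and reporting missing HttpOnly/Secure flags and any attribute that was changed or dropped. The function names and all header strings are constructed for illustration; only the cookie name X-Mapping-edockdcg comes from the question.

```python
# Added example; the header strings below are constructed sample data.
REQUIRED = ("httponly", "secure")

def parse_set_cookie(header):
    """Return (name, value, attrs) for one Set-Cookie value; attr names lower-cased."""
    parts = [p.strip() for p in header.split(";")]
    name, _, value = parts[0].partition("=")
    attrs = {}
    for part in parts[1:]:
        if part:  # skip blank options such as a trailing ';'
            key, _, val = part.partition("=")
            attrs[key.strip().lower()] = val.strip()
    return name.strip(), value.strip(), attrs

def audit(before_headers, after_headers, required=REQUIRED):
    """Compare cookies before and after a rewrite rule; return (cookie, problem) pairs."""
    before = {n: (v, a) for n, v, a in map(parse_set_cookie, before_headers)}
    findings, seen = [], set()
    for name, value, attrs in map(parse_set_cookie, after_headers):
        seen.add(name)
        findings += [(name, "missing " + f) for f in required if f not in attrs]
        if name not in before:
            continue
        old_value, old_attrs = before[name]
        if value != old_value:
            findings.append((name, "value changed"))
        for key, val in old_attrs.items():
            if key not in attrs:
                findings.append((name, "dropped " + key))
            elif attrs[key] != val:
                findings.append((name, "changed " + key))
    findings += [(n, "cookie removed") for n in before if n not in seen]
    return findings

BEFORE = [
    "X-Mapping-edockdcg=0123456789ABCDEF; path=/app",
    "JSESSIONID=abc123; Path=/app; Domain=example.test; "
    "Expires=Wed, 01 Jan 2031 00:00:00 GMT; Max-Age=3600",
]
AFTER = [
    "X-Mapping-edockdcg=0123456789ABCDEF; path=/; HttpOnly",
    "JSESSIONID=abc123; domain=example.test; path=/app; "
    "expires=Wed, 01 Jan 2031 00:00:00 GMT; secure; HttpOnly",
]

if __name__ == "__main__":
    for cookie, problem in audit(BEFORE, AFTER):
        print(cookie + ": " + problem)
```

In practice the BEFORE and AFTER lists would be filled from responses captured with the rule disabled and enabled.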