Bug ID 518283: Cookie rewrite mangles 'Set-Cookie' headers

Last Modified: Apr 28, 2025

Affected Product(s):
BIG-IP APM(all modules)

Known Affected Versions:
11.6.0, 11.5.3, 11.5.2, 11.5.1, 11.4.1, 11.2.1

Fixed In:
11.6.0 HF6, 11.5.4

Opened: Apr 15, 2015

Severity: 3-Major

Related Article: K16524

Symptoms

'Set-Cookie' headers are syntactically invalid.

Impact

'Set-Cookie' headers in the client side become syntactically invalid (two 'Path' values that can be contradictory, plus a broken 'Expires' string).

Conditions

Rewrite profile and 'Set-Cookie' header has 'Expires' attribute before 'Path' attribute.

Workaround

Put the 'Path' attribute before 'Expires' attribute.

Fix Information

The 'Expires' attribute is now properly parsed.

Behavior Change

Guides & references

K10134038: F5 Bug Tracker Filter Names and Tips