Bug ID 559377: Empty cookie values in the Set-Cookie/Set-Cookie2 header yield iRule cookie parsing errors

Last Modified: Sep 13, 2023

Affected Product(s):
BIG-IP LTM(all modules)

Known Affected Versions:
12.0.0, 12.0.0 HF1, 12.1.0 HF1, 12.0.0 HF2, 12.1.0 HF2, 12.1.1 HF1, 12.1.1 HF2, 12.1.2 HF1, 12.1.2 HF2

Fixed In:
12.1.0, 12.0.0 HF3

Opened: Nov 21, 2015

Severity: 3-Major

Related Article: K65315652

Symptoms

An empty value in the first cookie-pair (cookie-name and cookie-value) of the 'Set-Cookie' (or 'Set-Cookie2') HTTP response header produces cookie-parsing errors in server-side iRules using the HTTP::cookie API. For example, the following server-side HTTP response yields an empty cookie 'expires' attribute by the [HTTP::cookie expires $myCookie] iRule API: HTTP/1.1 200 OK Connection: close Content-Type: text/html Content-Length: 0 Set-Cookie: myCookie=; expires=Mon, 11-Oct-1999 22:00:00 GMT; path=/

Impact

Erroneous cookie-parsing in server-side iRules using the HTTP::cookie API, when the HTTP response has an empty value in the first cookie-pair (cookie-name and cookie-value) of the 'Set-Cookie' (or 'Set-Cookie2') HTTP header.

Conditions

Server-side iRule using the HTTP::cookie API for parsing cookie attributes for an HTTP response featuring an empty value in the first cookie-pair (cookie-name and cookie-value) of the 'Set-Cookie' (or 'Set-Cookie2') HTTP header.

Workaround

There is no workaround at this time.

Fix Information

This release fixes cookie parsing for empty cookie pair values so there are no iRule cookie parsing errors.

Behavior Change

Guides & references

K10134038: F5 Bug Tracker Filter Names and Tips