Jump to content
Welcome to our new Citrix community!

Rewrite Set-Cookie with dynamic values

chris Mc

Recommended Posts

Trying to create a rewrite action that will match on "Path=/" on three diffrent set-cookies with some dynamic values. Been trying to use regular expression to search for path=/, but I'm only getting syntex error, not sure how to properly use regex. 

Example I have tried ( q_auth=\(.*\); Max-Age=\(.*\); Expires=\(.*\); Path=sample/; Secure; HTTPOnly\) 

The closest I have gotten was using Replace All action, but this will only change the last cookie and will replace all with "path=/abc".

Target: http.RES.full_Header
Expression: "path=/abc"
Search (text): path=/


< Set-Cookie: q_auth=abc123123abc; Max-Age=1800; Expires=Fri, 45 Jan 2080 08:66:23 GMT; Path=/; Secure; HTTPOnly

< Set-Cookie: inity=abc123123abc;Path=/;HttpOnly;Secure;Domain=citrix.com

< Set-Cookie: initySameSite=abc123123abc;Path=/;HttpOnly;SameSite=None;Secure;Domain=citrix.com

Link to comment
Share on other sites

So, first, I started with a simpler example to do a rewrite so you can see how the policy action should work.

Then we can try to see if its your scenario or your approach that is having the issue.


If this doesn't help get you closer to your solution, then post more info and we can revised.


Test Response Body with content like:


Set-Cookie: sessionid=100xyz; expires=Thu, 09-Oct-2008 18:30:00 GMT; path=/

Set-Cookie: cookie2=100xyz; expires=Thu, 09-Oct-2008 18:30:00 GMT; path=/def

Set-Cookie: cookie3=100xyz; expires=Thu, 09-Oct-2008 18:30:00 GMT; path=/ghi


Basic Rewrite Example (CLI) additional notes/comments/screenshots below:

Running config:  add rewrite action rw_act_multicookie replace_all http.RES.FULL_HEADER "\"path=/newpath\"" -search "text(\"path=/\")"


Resulted in this Rewrites:

Set-Cookie: sessionid=100xyz; expires=Thu, 09-Oct-2008 18:30:00 GMT; path=/newpath

Set-Cookie: cookie2=100xyz; expires=Thu, 09-Oct-2008 18:30:00 GMT; path=/newpathdef

Set-Cookie: cookie3=100xyz; expires=Thu, 09-Oct-2008 18:30:00 GMT; path=/newpathghi


Brief explanation:

REPLACE_ALL is a rewrite action that can be used to find multiple instance of a pattern in a request or a response and replace all of them with the SAME final value.

The pattern you are looking for can be based on a static string (such as my example above looking for instances of "path=/" or regex patterns. But the rewrite performed for all instances that the pattern matches will be the same value.


Target Location:  targets whether you are looking at the REQ Header or Body or RES Header or Body.   This needs to be the HTTP.RES.FULL_HEADER which looks at the entire HEADER section and not just a single specific Header such as http.req.header("set-cookie") which would only match one instance.


Expression:  This will be the VALUE to use as the replacement result.


With REPLACE_ALL actions, the additional Search field is used to identify the pattern within the HTTP.RES.FULL_HEADER that needs to be replaced. In can match on a static string OR regex pattern. 


So the example above was accomplished with the following basic example:


Rewrite Action:



Target Location:  http.res.full_header

Expression:  "path=/newpath"

* NOTE:  Expression in this case is what you want to appear in the pattern that you are searching for below. Anything that is NOT policy syntax must be in quotes within the field. If this string will be dynamic, you can use policy syntax not in quotes to build the value BUT it likely has to be based on content already in the response and you would have to want the same replacement value for THIS response. If you need 3 different rewrites for each cookie such as path/newpathABC, path=/newpathDEF, path=/newpathGHI for the three different cookies. you would need to be able to distinguish each of the 3 separate set-cookie responses and do it as 3 separate rewrites.


Search:  (This is the field to find the patther you want to replace in the response header.  IF correct, the REPLACE_ALL action will rewrite every string that matches this search expression.)

I started this one as a simple text string comparison.  With more info, we can try it with the regext you want.



Quotes are not needed in this field.


Refine Search: <blank> as no additional criteria needed. 


Running config:  add rewrite action rw_act_multicookie replace_all http.RES.FULL_HEADER "\"path=/newpath\"" -search "text(\"path=/\")"


Screenshots of this action and an example in the action evaluator provided.




  • Like 1
Link to comment
Share on other sites

Thank you for a very good explanation! 
I was able to achieve what I was trying to perform,Thank you!

I did encounter a novice mistake that nearly made me go insane, could not understand why until I found it.  the built-in evaluator gave me the right result, but when I tried "live" I was still not matching on the correct value, after some time I found out that I had written a lowercase p (path=/) in the search field. While in production the Path=/ is written in capitalised letter.  Not sure why we are using a capitalised P in Path=/, seems like the standard is using lowercase. 

Thank you again! ?

Link to comment
Share on other sites

  • 1 year later...

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Create New...