Setting HTTPOnly or Secure flag for Session Affinity cookie
In this guide you learn to create a Rewrite set for your Application Gateway and configure Secure and HttpOnly ApplicationGatewayAffinity cookie.
- You must have an Azure subscription. You can create a free account before you begin.
- An existing Application Gateway resource configured with at least one Listener, Rule, Backend Setting and Backend Pool configuration. If you don't have one, you can create one by following the QuickStart guide.
- Sign in to the Azure portal.
- Navigate to the required Application Gateway resource.
- Select Rewrites in the left pane.
- Select Rewrite set.
- Under the Name and Association tab
- Specify a name for this new rewrite set.
- Select the routing rules for which you wish to rewrite the ApplicationGatewayAffinity cookie's flag.
- Select Next.
- Select "Add rewrite rule"
- Enter a name for the rewrite rule.
- Enter a numeric value for Rule Sequence field.
- Select "Add condition"
- Now open the "If" condition box and use the following details.
- Type of variable to check - HTTP header
- Header type - Response header
- Header name - Common header
- Common header - Set-Cookie
- Case-sensitive - No
- Operator - equal (=)
- Pattern to match - (.*)
- To save these details, select OK.
- Go to the Then box to specify action details.
- Rewrite type - Response header
- Action type - Set
- Header name - Common header
- Common header - Set-Cookie
- Header value - {http_resp_Set-Cookie_1}; HttpOnly; Secure
- Select OK
- Select Update to save the rewrite set configurations.