Forum Discussion

Cirrostratus

Mar 09, 2016

APM SessionCookie MRHSession and CSRF

Does the APM MRHSession Cookie have any protections against a CSRF based attack? If we have a Spring application behind APM, do I need to worry about CSRF at the application level? http://docs.s...

application delivery

ASM Advanced WAF

BIG-IP Access Policy Manager (APM)

security

Walter_Kacynski

Cirrostratus

Mar 10, 2016

I thought I saw a reference to a "rolling" cookie value from the APM docs. Maybe this is only used during policy evaluation?

Help guide the future of your DevCentral Community!

What tools do you use to collaborate? (1min - anonymous)

Bram - January 2026 Featured Member

DevCentral News

announcement

event

F5 Container Ingress Services (CIS) and using k8s traffic policies to send traffic directly to pods

Community Articles

application delivery

CIS

container ingress services

devops

Gateway Fabric

F5 Architecture Track Sessions - AppWorld 2026

DevCentral News

announcement

Appworld2026

Recent Discussions

Under Attack? F5 Will Help You.
Contacting F5 Support?

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

GitHub Awesome-F5

Forum Discussion

APM SessionCookie MRHSession and CSRF

Bram - January 2026 Featured Member

F5 Container Ingress Services (CIS) and using k8s traffic policies to send traffic directly to pods

F5 Architecture Track Sessions - AppWorld 2026

Recent Discussions

rSeries Configuration Backup

Questions on Migrating configs from iSeries to RSeries F5s

AST Configuration help

reading Client SSL Profile details via Ansible

Raise your hand if you'll be at AppWorld 2026

Related Content

How To Protect Your Applications from Cross Site Request Forgery (CSRF) with F5 Distributed Cloud

What is MRH? IE. MRHSession cookie

CSRF Prevention with F5's BIG-IP ASM v10.2

Rename default MRHsession cookie?

CSRF Protection not Working

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS