Forum Discussion

Nimbostratus

Apr 14, 2015

ASM Cookies - Secure and HTTPOnly flags

Our ASM is naturally setting ASM Cookies on traffic for one of our applications: Set-Cookie: TS013756fc=0178e5fb33c4892a87524f70317d792a83da0c25210a526ac323111db7d157de1c49aad030; Path=/ Howe...

ASM Advanced WAF

security

gsharri

Altostratus

Apr 23, 2015

Re 2: The only downside I see is that which the solution article makes note of: increased processing/resource utilization. If the ASM cookie is causing no negative affects on the server-side then I would let them be.

Re 3: You are correct, ASM cookie cannot be disabled. It is integral to ASM security features. The TS cookie is inserted into every request which is handled by an ASM security policy (if the cookie is not already present). If you are seeing traffic that does not contain the TS cookie then my first guess would be the traffic is not flowing through an ASM security policy but is being sent directly to the pool.

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

GitHub Awesome-F5

Forum Discussion

ASM Cookies - Secure and HTTPOnly flags

AppWorld 2026: Save the Date and Join Our Community In Person!

Introducing the F5 AI Assistant for BIG-IP

Recent Discussions

Does F5 rSeries 4600 support 3rd Party SFP

no upload file .docx

F5 LACP

F5 BGP Peering in Active /Standby Cluster

AS3 Storage

Related Content

Increased Security With First Party Cookies

Positive Security vs. Negative Security: A Comparison Using F5's Security Portfolio

How to add Httponly and Secure attributes to HTTP cookies (for 11.5.x)

Securing MCP Servers with F5 Distributed Cloud WAF

HTTP Multipart and Security Implications

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS