Forum Discussion
BT_90520
Jun 07, 2012 | Nimbostratus
Modified domain cookie is the minimal violation that we should really catch - that is actually tampering with the actual web application cookie, like your jsession, php_session, etc. There are more to track (see the link below), but personally, that is mandatory since it is the user application and specifically configured to track the trusted session. The moment the session cookie is tampered with, quite a few abuse cases can happen, like session replay, hijack, etc. Even XSS likes to reveal the session cookie.
http://support.f5.com/kb/en-us/solutions/public/6000/800/sol6850.html