Cookie encryption and RAW data required

Question

Dear all, &nbsp;
Have a query on cookie&nbsp;
What is the Recommended Industrial best practise for cookie encryption&nbsp;
One of our customer needs cookie encryption enabled.. at the same time... Part of of cookies should be available RAW for his application to work..&nbsp;
Need your suggestions/ideas to take this forward&nbsp;

sonne_133164 · Answer

question is whether there is anything sensitive within the cookie, why you need to encrypt cookie? using https against mitm isn't enough? is client storing this cookie for a longer period and you expect someone will access it, tamper it, etc...?&nbsp;
for the best practices:&nbsp;
limit the amount of sensitive information stored in the cookie.limit the subdomains and paths to prevent interception by another application.enforce SSL so the cookie isn’t sent in cleartext.make the cookie HttpOnly
perhaps you can read more at https://www.owasp.org/index.php/Session_Management_Cheat_SheetCookies&nbsp;

Forum Discussion

Cookie encryption and RAW data required

Recent Discussions

In Radius auth, how to allow second attempt of token input when the first input is incorrect?

Need Urgent BIGIP Trial License and VM Image

APM for banner and cert

How to Renew F5 Device Certificate

UCS backup not loading Big IP DNS pool

Related Content

Encrypting Cookies

Decrypt, Encrypt, Decrypt, Encrypt, Encrypt....

Let's Encrypt

Cookie Encryption

Load Balancing TCP TLS Encrypted Syslog Messages

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS