For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Icon for Nimbostratus rank

Nimbostratus

Dec 19, 2017

Cookie encryption and RAW data required

Dear all, Have a query on cookie What is the Recommended Industrial best practise for cookie encryption One of our customer needs cookie encryption enabled.. at the same time... Part ...

application delivery

Icon for Nimbostratus rank

Nimbostratus

Dec 21, 2017

question is whether there is anything sensitive within the cookie, why you need to encrypt cookie? using https against mitm isn't enough? is client storing this cookie for a longer period and you expect someone will access it, tamper it, etc...?

for the best practices:

limit the amount of sensitive information stored in the cookie.
limit the subdomains and paths to prevent interception by another application.
enforce SSL so the cookie isn’t sent in cleartext.
make the cookie HttpOnly

perhaps you can read more at https://www.owasp.org/index.php/Session_Management_Cheat_SheetCookies

Help guide the future of your DevCentral Community!

What tools do you use to collaborate? (1min - anonymous)

F5 Academy at AppWorld 2026

DevCentral News

Introducing the F5 AI Assistant for BIG-IP

Technical Articles

Recent Discussions

Under Attack? F5 Will Help You.
Contacting F5 Support?

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

GitHub Awesome-F5