Cookie encryption variability

Question

Hi all,&nbsp;
&nbsp;This may be a very stupid question...  I am encrypting a cookie with a static name and value, but see in the logs that the encrypted value changes with each session.  If I am using the same name, value, and passphrase for the encryption across the board, I would have expected the encrypted result to be the same; does "HTTP::cookie encrypt" include other seed factors into the encryption algorithm?&nbsp;
&nbsp;Thanks,
&nbsp;Jen&nbsp;

hooleylist · Answer

Hi Jen, 
&nbsp;  
&nbsp; The HTTP::cookie encrypt function does use a salt.  So the cipher text should be different for each encryption iteration even with the same plaintext input. 
&nbsp;  
&nbsp; Aaron

dubdub · Answer

Great, thank you for the information!

hem_66900 · Answer

Does any one happen to know what algorithm F5 uses to encrypt cookies.MD5 or SHA&nbsp;

Forum Discussion

Cookie encryption variability

Recent Discussions

Can you set Kerberos AAA server via session variable?

HTML Code injection Not detected by ASM

What will be happen to live and existing connections when failover HA BIG IP active-standby

SSL Offload and remove FQDN

High CPU utilization (100%).

Related Content

Decrypt, Encrypt, Decrypt, Encrypt, Encrypt....

Let's Encrypt

Encrypting Cookies

Cookie Encryption

Automate Let's Encrypt Certificates on BIG-IP

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS