Forum Discussion

Cirrus

May 01, 2020

Cookie Encyrption Question - I'm confused

Recently we were notified by our Security team that the F5 cookies were not secure and needed to be adjusted. F5 BIG-IP Cookie Remote Information Disclosure (20089) (Tenable scan) I sta...

Cirrus

May 06, 2020

As you say you are only interested in the BIGIP cookie: encrypt it in the cookie profile instead of http. It is easier to maintain there, and you don't risk interfering with an applications cookies.

If you only want to encrypt the BIGIP cookie, but use the http profile to do it, it seems you need to take the name of your cookie and add that to the http profile as well.

Choose a randomly generated key/passphrase for it (a long one) and store it in your password vault. You never know what you might need in future troubleshooting scenarios.

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

GitHub Awesome-F5

Forum Discussion

Cookie Encyrption Question - I'm confused

Jonathan - March 2026 Featured Member

F5 AppWorld 2026 Las Vegas - iRules Contest Winners!

2026 F5 DevCentral MVP Announcement

Recent Discussions

CPU load when Prometheus is scraping metrics from F5 BIG-IP LTM

Problem with sending BotDefense logs to remote server

ASM/AWAF declarative policy

Managing iRules configuration

Changes to DO and AS3 GitHub - no longer monitored

Related Content

Question about healthchecks

Cache Confusion

AS3 TLS_Client VS TLS_Server Schema confusion

UCS Encryption Question

Site Launch Frequently Asked Questions

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS