For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

DaveC_53879's avatar
DaveC_53879
Icon for Nimbostratus rankNimbostratus
May 06, 2011

cookie persistence sendfor: http only

Need help with cookie persistence. LTM version 9.4.6. How do I set the F5 cookie to http only?
config
design
DaveC_53879's avatar
DaveC_53879
Icon for Nimbostratus rankNimbostratus
May 12, 2011
I actually already encrypt the cookie, so the rule as is does not work. Is there a way to just append http only to end of the cookie string w/o having to read the cookie?

 

 

Change this

 

Response sets a cookie:

 

Set-Cookie: cookie_20=JWOPqD5SyEEcTl6wL8WbEaGhvIF3mSxzdYWRnGXyQTssab7fYqmJGJ2EfiYfHwAssBZQ0brxJV7mNdo=; expires=Thu, 12-May-2011 15:51:54 GMT; path=/

 

 

To this

 

Response sets a cookie:

 

Set-Cookie: cookie_20=JWOPqD5SyEEcTl6wL8WbEaGhvIF3mSxzdYWRnGXyQTssab7fYqmJGJ2EfiYfHwAssBZQ0brxJV7mNdo=; expires=Thu, 12-May-2011 15:51:54 GMT; path=/; HttpOnly