Forum Discussion

Approxee's avatar
Approxee
Icon for Nimbostratus rankNimbostratus
Sep 29, 2017

Cookie sets domain the same as the requesting Host Header

I have a cookie set with the domain name the same as the requested Host header and I have another cookie set where does not specify the domain. So both cookies end up saved for the same domain locati...
ASM Advanced WAF
cookies
security
Chris_Grant's avatar
Chris_Grant
Icon for Employee rankEmployee
Oct 28, 2017

You might want to review https://support.f5.com/csp/article/K6850 Overview of BIG-IP ASM cookies. The ASM always sets two TS cookies. One is a frame cookie.

 

The main ASM cookie:

 

  • Validates domain cookies - the Main ASM cookie verifies that the domain cookies that are sent from the web server to the client are not altered. The BIG-IP ASM system parses HTTP responses from the web server for the Set-Cookie header. If the Set-Cookie header is present, the BIG-IP ASM system will perform a hash on the cookie, and insert the hash value into the Main ASM cookie.

     

  • Detects session expiration - BIG-IP ASM uses the Main ASM cookie to track user sessions for session expiration.

     

  • Validates the integrity of the ASM Frame cookies - the Main ASM cookie verifies the integrity of the ASM Frame cookies to ensure they are not altered.

     

The Frame cookie:

 

  • Stores the referrer object
  • Tracks whether the referrer object is allowed to change the cookie

The ASM Flow Frame cookie also handles the following dynamic data extractions:

 

  • Dynamic parameters names and values
  • Dynamic session extractions
  • Dynamic flow extractions
  • Dynamic parameter names extractions