Forum Discussion
flomkrl_29950
Nimbostratus
Nov 27, 2008
Cookie steal risk?
Hello,
If another user catches the BIGIP cookie, are they able to access the application without authentication? I'm referring to iRule ClientAuthUsingHTMLForms (http://devcentral.f5...
hoolio
Cirrostratus
Dec 04, 2008
If you have clients connecting from behind pools of proxies or that are on DHCP with public IP addresses, it's possible that their IP address would legitimately change during a session.
As Hamish suggested, using HttpOnly and Secure on cookies can help. Using HTTPS should also help with cookie theft. And you can actually track session data in the LTM session table, but it's nowhere near as functional as on a typical web application.
Aaron