Forum Discussion

Nimbostratus

Nov 27, 2008

Cookie steal risk ?

Hello, If an other user catch the BIGIP cookie, is it able to access to the application without authentification ? , i'm refering to IRULE ClientAuthUsingHTMLForms (http://devcentral.f5...

config

design

hoolio

Cirrostratus

Dec 04, 2008

If you have clients connecting from behind pools of proxies or that are on DHCP with publich IP addresses, it's possible that their IP address would legitimately change during a session.

As Hamish suggested, using HttpOnly and Secure on cookies can help. Using HTTPS should also help with cookie theft. And you can actually track session data in the LTM session table, but it's no where near as functional as on a typical web application.

Aaron

Help guide the future of your DevCentral Community!

What tools do you use to collaborate? (1min - anonymous)