Forum Discussion
encrypted cookie values
Hi all, during our security scan we found our published service to be displaying cookie values as in 1st screenshot. I have follow https://support.f5.com/csp/article/K14784 but it seems we still see the Set-Cookie value. Am I missing something here ?
Security Scan results:
http profile configuration:
1 Reply
- youssef1
Cumulonimbus
Hello,
We are agree that in "Encrypt Cookies" Field you enter the exact name of the cookie? I have the impression that the name of the cookie entered in the field does not correspond to the catches seen...
last point, this feature allows to encrypt an application cookie and not a cookie generated by F5.
If you want to encrypt F5 cookie (peristence profile) you have to do it in cookie peristence profile (Local Traffic ›› Profiles : Persistence ›› cookie-Encryption-Required).
Regards
Recent Discussions
Related Content
* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com