Forum Discussion

Cirrostratus

Aug 25, 2015

Encrypting a cookie with HTTP::cookie encrypt and encrypting with an HTTP Profile

Does anyone know if it possible to use HTTP::cookie encrypt when generating an HTTP response generated from APM Event ACCESS_POLICY_COMPLETED and then have this cookie decrypted with the normal HTTP ...

application delivery

BIG-IP Access Policy Manager (APM)

Employee

Aug 26, 2015

Well, at the very least I'd never send the user's password in a cookie, encrypted or not. Otherwise you already have the access session cookie so you could store the password (encrypted) in the session table. Or you could generate a random GUID, make an LTM session table entry with the password, tied to this GUID, and then send that value as a temporary cookie. And if it's a different URL, make that cookie domain-scoped and short-lived.

Help guide the future of your DevCentral Community!

What tools do you use to collaborate? (1min - anonymous)

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

GitHub Awesome-F5

Forum Discussion

Encrypting a cookie with HTTP::cookie encrypt and encrypting with an HTTP Profile

F5 Academy at AppWorld 2026

Introducing the F5 AI Assistant for BIG-IP

Recent Discussions

How can I get started with iCall

Connection Rest f5

Kubernetes cert-manager + LetsEncrypt + F5

The GSLB pool is providing an incorrect IP to end users

Unable to ping from some self ip on Velos

Related Content

Decrypt, Encrypt, Decrypt, Encrypt, Encrypt....

Let's Encrypt

Encrypted UCS Backup with REST-API

Automate Let's Encrypt Certificates on BIG-IP

Encrypting Cookies

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS