F5 authentication cookie (token) issues

Question

. When the F5 has authenticated a user’s browser, it issues a hidden session cookie named F5_ST. This cookie has embedded commas in it which are in violation of RFC 2109. Unfortunately, I cannot read or set cookies with commas. From what I can see so far, Microsoft’s .Net Framework will not allow me to send  invalid cookies at the level of access I have. I am exploring this more.
Is there a way of setting the format of their authorization cookies?
Here is an example of one of these cookies&nbsp;
Next we have the F5 redirects for the C3 Help home page. Notice how my browser sends the F5_ST cookie:&nbsp;
F5_ST=1,1,1,1385574542,28800![![Image Text](/Portals/0/Users/251/63/13563/11-27-2013 1-29-32 PM.png)](/Portals/0/Users/251/63/13563/11-27-2013 1-28-17 PM.png)&nbsp;

what_lies_bene1 · Answer

Apologies but I'm totally confused by this. I think rather more detail and background is required please.&nbsp;

kevin_stewart · Answer

Please take a look at this thread:&nbsp;
https://devcentral.f5.com/questions/apm-cookie-f5_st&nbsp;
Kulastone even found that the F5_ST wasn't entirely necessary for his application to work.&nbsp;

Forum Discussion

F5 authentication cookie (token) issues

2 Replies

Bram - January 2026 Featured Member

F5 Container Ingress Services (CIS) and using k8s traffic policies to send traffic directly to pods

F5 Architecture Track Sessions - AppWorld 2026

Recent Discussions

Maintenance page / local website that includes subfolders

VIPRION B2250 to VELOS CX410 and BIG-IPr10900 migration

Raise your hand if you'll be at AppWorld 2026

RDP Webtop deployment

Single LTM with multiple GTM domains

Related Content

iControl REST Authentication Token Management

Demystifying iControl REST Part 6: Token-Based Authentication

Google Authenticator Soft Token Generator

Google Authenticator Token Verification iRule For APM

iControl REST token authentication via Python example

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS