Forum Discussion

Prakin's avatar
Icon for Cirrus rankCirrus
Oct 12, 2023

F5 LTM cookie persistence encryption issue


what is the default behaviour when cookie encrytion enabled, set to required. we know the client->F5 cookie is encrypted, how about F5->server?. i could see the cookie is decrypted in the capture when sending to server. is it suppose to be like that ?

4 Replies

    • Prakin's avatar
      Icon for Cirrus rankCirrus

      Hi Mohamed_Ahmed_Kansoh,

      is there way that we can re-encrypt the cookie on server side. Because my connection flow, the backend application will hit the same F5 vip again where it sees an unecrypted cookie, but F5 is expecting encrypted cookie so instead it makes new load balancing decision and new cookie is generated and terminated in different server. This makes the connections inconsistencies.

      client - > F5 -> webserver(, -> kong -> F5 -> application server(, 

      here my bothe web and application server are same address.

      if i set the cookie to "prefered" i think it will work?. but on the client i would see unencrypted cookie as well. so that's why i am looking for ree-ncrypt the cookie on the server side.

      • Hi Prakin , 

        You can try the prefered option , it means bigip accepts both encrypted and decrypted cookies. 

        I have another question : 
        is this virtual server has ( 2 IPs " & " ) you created it by address list ??! 
        I need more clarification here , you can draw your flow as well and show me.