Forum Discussion
riyer_206339
Nimbostratus
Hi All,
Along with above requirement, we would like to encrypt the Cookie content. So there is already a Profile under Persistence that we created to use HTTP Insert Cookie method and encrypt the Cookie content using a passphrase. I would like to know if it is okay to have a profile separately to encrypt along with this iRule or do we need to modify the iRule to have them together. Like, have JSESSIONID and encryption of Cookie content in a single iRule.
when HTTP_RESPONSE {
if { [HTTP::cookie exists "JSESSIONID"] } {
persist add uie [HTTP::cookie "JSESSIONID"]
}
}
when HTTP_REQUEST {
if { [HTTP::cookie exists "JSESSIONID"] } {
persist uie [HTTP::cookie "JSESSIONID"]
}
}
Regards, Ram
sirwinston
Mar 13, 2017Nimbostratus
I fail to see what the benefit of encrypting a JSESSIONID would be. By definition it is a random string. Encrypting it does not seem to have any value.
You should make sure that it is marked as Secure and HttpOnly, but most application servers will do that by default.