Forum Discussion

Nimbostratus

Mar 11, 2020

Http only flag set on applications cookies

Hi All

If i set the http only attribute for the cookies learnt in the ASM policy, then when I access the web application, and inspect the same via browser, it should show that the cookie has http only attribute enabled??

1 Reply

P_K
Altostratus
Mar 12, 2020
That is correct! You are basically forcing browser to access cookies via http and https by enabling httponly attribute in ASM.

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

GitHub Awesome-F5

Forum Discussion

Http only flag set on applications cookies

1 Reply

Security Best Practices for F5 Products

F5 AppWorld 2026 Registration - early bird pricing.

Kostas Injeyan - October 2025 Featured Member

Recent Discussions

SSO login for APM Profiles

Virtual Server Configuration requirements for ISO 8583 traffic (Single persistent TCP session)

threat hunting guide

Webtop which has VNC for macos users

Floating IP responds from wrong VLAN/trunk

Related Content

Application Study Tool: Make Grafana Listen on HTTPS

Introducing the F5 Application Study Tool (AST)

F5 HTTPS Redirect 2025

Set the SameSite Cookie Attribute for Web Application and BIG-IP Module Cookies

System Prerequisites for Deploying the Application Study Tool

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS