For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Icon for Altostratus rank

Altostratus

Dec 07, 2021

Issues with cookies persistence

Need help on below issues:

Seeing "Sensitive Cookie with Improper or Insecure or Missing SameSite Attribute" message, when user is generating report from F5 url.

Currently: Default cookies persistence is applied on URL.

Thanks

application delivery

1 Reply

Dario_Garrido
Noctilucent
Apr 01, 2022
Hello Rishi.

Take into account that cookie persistence by default inserts a new cookie in the HTTP request.

If your app has specific restrictions to protect against CSRF, that would raise some of those messages.

Check the SameSite condition.
https://cwe.mitre.org/data/definitions/1275.html

Maybe, in your case, a "SameSite=Lax" condition is needed

Help guide the future of your DevCentral Community!

What tools do you use to collaborate? (1min - anonymous)

F5 Architecture Track Sessions - AppWorld 2026

DevCentral News

Recent Discussions

Under Attack? F5 Will Help You.
Contacting F5 Support?

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

GitHub Awesome-F5