Forum Discussion

Icon for Altostratus rank

Altostratus

Dec 07, 2021

Issues with cookies persistence

Need help on below issues:

Seeing "Sensitive Cookie with Improper or Insecure or Missing SameSite Attribute" message, when user is generating report from F5 url.

Currently: Default cookies persistence is applied on URL.

Thanks

application delivery

Dario_Garrido
MVP
Apr 01, 2022
Hello Rishi.

Take into account that cookie persistence by default inserts a new cookie in the HTTP request.

If your app has specific restrictions to protect against CSRF, that would raise some of those messages.

Check the SameSite condition.
https://cwe.mitre.org/data/definitions/1275.html

Maybe, in your case, a "SameSite=Lax" condition is needed

Recent Discussions

Under Attack? F5 Will Help You.
Contacting F5 Support?

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming