For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

hoolio's avatar
hoolio
Icon for Cirrostratus rankCirrostratus
Dec 14, 2007

Manipulating a decrypted cookie value using HTTP::cookie decrypt

Hi,     I'm running into an issue on 9.2.4 when trying to get and potentially manipulate the unencrypted value of a cookie. I encrypt the cookie sent in the response using HTTP::cookie encrypt ...
application delivery
dev
devops
iRules
hoolio's avatar
hoolio
Icon for Cirrostratus rankCirrostratus
Jan 07, 2008
Hi pchang,

 

 

I finally had time to retest this and see what you mean. I could have sworn that I was seeing the response modified using HTTP::cookie encrypt, without explicitly setting the value of the cookie to the encrypted string. Odd. Anyhow, thanks for the pointer.

 

 

I might submit an RFE to see if the values could be modified in place, instead of having to explicitly set the value of the cookie to the encrypted/decrypted string. As it is, there doesn't seem to be any significant advantage to using HTTP::cookie encrypt/decrypt compared with the AES encrypt/decrypt commands.

 

 

Aaron