Forum Discussion

Nimbostratus

Dec 15, 2011

Mark cookie as secure

We have 2 virtual servers for an IIS site, one for http and the other for https, but they use the same pool on port 80. Is there a way to mark all of session cookies leaving the https VS as secure s...

Nimbostratus

Dec 15, 2011

Hi Michael,

Thanks for the response. It deosn't appear to e working. I copied my existing 443 VS and applied the rule to the copy, but the cookie appears unchanged.

This is what I get;

Set-Cookie: ASPSESSIONIDASTACBAT=JFALACPAOAOKCFJDEBIJGEIM; path=/

But this is what I need;

Set-Cookie: ASPSESSIONIDASTACBAT=JFALACPAOAOKCFJDEBIJGEIM; path=/; secure

Dave

Recent Discussions

Under Attack? F5 Will Help You.
Contacting F5 Support?

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

Forum Discussion

Mark cookie as secure

Recent Discussions

Can you set Kerberos AAA server via session variable?

HTML Code injection Not detected by ASM

What will be happen to live and existing connections when failover HA BIG IP active-standby

SSL Offload and remove FQDN

High CPU utilization (100%).

Related Content

Increased Security With First Party Cookies

Remove Quotation marks

F5 Security Podcasts

Adaptive Apps: Replicate & deploy WAF application security policies across F5's security portfolio

Auditing Security Policy Updates

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS