Forum Discussion

Nimbostratus

Dec 08, 2010

Masking cookie names from the server

I have fighting sessionID cookies from two different applications. One uses a subdomain, the other uses the root domain. My work around idea is to hide the cookie using the root domain from the appli...

Nimbostratus

Dec 09, 2010

Yes, it looks like you're ahead of us on working this out.

We can diferrentiate based on cookie value. So, we implemented that, but then realized that it didn't matter. The browser was only allowing one sessionID cookie to exist and it seemed like the sub.domain.com cookie wasn't getting set if it existed in .domain.com. So we could mask this cookies existence from the server, but the browser still wouldn't set it.

So what you described, a "cookie translation" if you will, seems like the only workable option.

I'll see what I'm able to make work. Thanks for the help.

Recent Discussions

Under Attack? F5 Will Help You.
Contacting F5 Support?

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

Forum Discussion

Masking cookie names from the server

Recent Discussions

Can you set Kerberos AAA server via session variable?

HTML Code injection Not detected by ASM

What will be happen to live and existing connections when failover HA BIG IP active-standby

SSL Offload and remove FQDN

High CPU utilization (100%).

Related Content

How to passively monitor Dataguard without masking data?

Changing subnet mask of ConfigSync/Failover Address

Cookie Encryption Across Pools and Services

Request Logging - Session Cookie only

Samesite cookies on 1600's

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS