Forum Discussion

Nimbostratus

Dec 08, 2010

Masking cookie names from the server

I have fighting sessionID cookies from two different applications. One uses a subdomain, the other uses the root domain. My work around idea is to hide the cookie using the root domain from the appli...

Cirrostratus

Dec 09, 2010

Can you log the value(s) of the Set-Cookie header(s) for each response and post back with the sanitized output from /var/log/ltm? You can use:

log local0. "Set-Cookie headers: [HTTP::header values Set-Cookie]"

Also, you could replace these checks:

    if { [HTTP::header exists "Cookie"] and [HTTP::header "Cookie"] contains "OWAsessionid" } {

with:

if { [HTTP::cookie value "OWAsessionid"] ne "" } {

Aaron

Recent Discussions

Under Attack? F5 Will Help You.
Contacting F5 Support?

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

Forum Discussion

Masking cookie names from the server

Recent Discussions

Can you set Kerberos AAA server via session variable?

HTML Code injection Not detected by ASM

What will be happen to live and existing connections when failover HA BIG IP active-standby

SSL Offload and remove FQDN

High CPU utilization (100%).

Related Content

Masking a URL?

Cookie

Mask Virtual IP in Cookie

Masking the redirected URL

Encrypted cookies on strict uri

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS