Forum Discussion

Nick_T_68319
Nov 13, 2014

Persistence Cookie Encryption

I noticed after upgrading to 11.5 in the cookie persistence profile, there is now an option for:

    Cookie Encryption Use Policy
    Encryption Passphrase

Has anyone used this? Does it just encrypt the contents of the cookie the same way the HTTP profile Encrypt Cookies option worked? I tried to search the options in the manual but didn't find much information.


  • You are right, there is near zero documentation on this. I have experimented with it and it does encrypt cookie contents just like the HTTP profile option does. Regarding the "Cookie encryption use policy" setting, the help tab in v11.6 says this:

    Specifies the way in which the cookie encryption format is used. The default is disabled.

    disabled: Generates the cookie format unencrypted.

    preferred: Generates an encrypted cookie, but accepts both encrypted and unencrypted formats.

    required: Cookie format must be encrypted.

  • Does anyone know the purpose of this? Was it to simplify the two-step encryption process into a single profile?

  • I was wondering for a while what could be the use case for "Preferred". Generally, we would use either clear or encrypted cookies, so why have a "Preferred" option? Well, that's an excellent choice for a smooth transition from unencrypted to encrypted cookies. With "Cookie Encryption Use Policy" set to "Preferred", the system will generate encrypted cookies while still accepting the unencrypted cookies sent in the requests from previous clients.

    This "Preferred" option should be kept for the duration of the cookie previously configured in the Cookie Persistence Profile ("Expiration" field). After that, all previous cookies should have either expired or been replaced by an encrypted one. For a Session Cookie, use your own judgement, I guess.
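The three policy values quoted from the help tab, and the transition role of "Preferred" described in the last reply, modelled as an added example that is not F5 code: the encrypt-then-MAC routine, the `!` format marker, the demo key and the function names are all constructed stand-ins for the profile's real cookie encryption.

```python
import base64, hashlib, hmac, os

KEY = b"demo-passphrase"          # constructed; stands in for the profile's passphrase
ENC_PREFIX = "!"                  # constructed marker distinguishing the encrypted format

def _keystream(nonce: bytes, n: int) -> bytes:
    blocks = [hashlib.sha256(KEY + nonce + i.to_bytes(4, "big")).digest()
              for i in range(n // 32 + 1)]
    return b"".join(blocks)[:n]

def encrypt_cookie(plain: str) -> str:
    """Encrypt-then-MAC demo: nonce || ciphertext || truncated HMAC tag, base64."""
    nonce, data = os.urandom(12), plain.encode()
    ct = bytes(a ^ b for a, b in zip(data, _keystream(nonce, len(data))))
    tag = hmac.new(KEY, nonce + ct, hashlib.sha256).digest()[:16]
    return ENC_PREFIX + base64.urlsafe_b64encode(nonce + ct + tag).decode()

def decrypt_cookie(value: str):
    """Plaintext for a valid encrypted cookie, None for anything else (incl. tampering)."""
    if not value.startswith(ENC_PREFIX):
        return None
    try:
        raw = base64.urlsafe_b64decode(value[1:])
    except ValueError:
        return None
    if len(raw) < 28:
        return None
    nonce, ct, tag = raw[:12], raw[12:-16], raw[-16:]
    expect = hmac.new(KEY, nonce + ct, hashlib.sha256).digest()[:16]
    if not hmac.compare_digest(tag, expect):
        return None
    return bytes(a ^ b for a, b in zip(ct, _keystream(nonce, len(ct)))).decode()

def handle_persistence_cookie(policy: str, incoming, member: str):
    """Apply one policy to an incoming cookie; returns (member honoured or None, cookie to set)."""
    honoured = None
    if incoming is not None:
        decrypted = decrypt_cookie(incoming)
        if decrypted is not None and policy in ("preferred", "required"):
            honoured = decrypted        # valid encrypted cookie
        elif decrypted is None and policy in ("disabled", "preferred"):
            honoured = incoming         # clear-text legacy cookie; 'required' drops it
    # 'preferred' still trusts clear text, which is why it is only a transition setting.
    # 'disabled' keeps emitting clear text; the other two always emit encrypted cookies.
    outgoing = member if policy == "disabled" else encrypt_cookie(member)
    return honoured, outgoing
```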