Forum Discussion
Skuba_85554
Jan 23, 2009Nimbostratus
hi hoolio
we have made use of a config example from the f5 site (shown below)
just to confirm 100%, does the encrypted cookie prevent the end user from reading the contents of it? i.e. is the IP address of the back end server disguised? or is the cookie simply encrypted in transit to prevent anyone other than the genuine client and server from reading the data?
thanks
when CLIENT_ACCEPTED {
set cookiename "OurCookie"
set encryption_passphrase "OurPassphrase"
}
when HTTP_RESPONSE {
if { [HTTP::cookie exists $cookiename] } {
HTTP::cookie encrypt $cookiename $encryption_passphrase
}
}
when HTTP_REQUEST {
if { [HTTP::cookie exists $cookiename] } {
set decrypted [HTTP::cookie decrypt $cookiename $encryption_passphrase]
if { ($decrypted eq "") } {
Cookie wasn't encrypted, delete it
HTTP::cookie remove $cookiename
}
}
}