Forum Discussion

williamwu2019_2

Nimbostratus

Jun 23, 2016

Preferred Cookie Encryption Policy Doesn't Work!!!

We need to encrypt the F5 BigIP cookie value. However, we have some integration will send out encode BigIP cookie value (not encrypted) to F5. We followed the instructions below. But we still cannot ...

BIG-IP

security

IanB

Employee

Jun 23, 2016

If I understand your question correctly, you're saying that if you send an unencrypted persistence cookie to the LTM when it is configured for cookie encryption on that virtual server, then it fails to recognise the cookie. If that's what you're saying, then that's working as designed.

An unencrypted cookie comes in, and it decrypts it by passing it through AES, and what comes out is not valid, so it is discarded.

Why would you be sending both encrypted and unencrypted cookies to the same virtual server ?

Help guide the future of your DevCentral Community!

What tools do you use to collaborate? (1min - anonymous)