Forum Discussion

Nimbostratus

Jun 25, 2020

rfc6265 - Max-Age Attribute - browser sessions preservation

Hi,

The "new" rfc6265, define max-age attribute as

If a cookie has neither the Max-Age nor the Expires
attribute, the user agent will retain the cookie until "the current session is over" (as defined by the user agent).

Some browsers have the concept of keep the browser session where an user left previous to close the browser (including not deleting session cookies):

Firefox call it:

Restore previous session

Chrome:

Continue where you left off

If a user uses these features, isn't the persistence with "HTTP Cookie Insert" (with session cookie) doomed ?

How to keep an healthy balancing between the nodes if the client always use the same node (because do not delete session cookie)?

Best Regards,

Filipe

No RepliesBe the first to reply

Recent Discussions

Under Attack? F5 Will Help You.
Contacting F5 Support?

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

Forum Discussion

rfc6265 - Max-Age Attribute - browser sessions preservation

Recent Discussions

Diameter iRules attachment?

Source IP F5 DNS Zone Forwarder

F5 BIG-IP

BIG-IP Oauth Client and AS

How to Renew F5 Device Certificate

Related Content

APM session attribute exists

Add SameSite attribute to APM Cookies

Lightboard Lessons: HTTP Cookie SameSite Attribute

HTTP POST redirect preserving POST data

Set the SameSite Attribute for LTM Persistence Cookies

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS