Hello everyone,I want to know the difference between enabling Secure and HTTPonly attribute cookie on persistence profile (LTM) and Headers => Cookies List => created cookie (ASM) because Secure and HTTPonly attribute is already enabled on persistence profile (LTM) but can't see it on the HTTP headers.

LTM cookie persistence profile injects a cookie that F5 uses to track and load balance the same connections in an HTTP session.Likewise, when ASM is implemented, F5 injects a cookie in client session that uniquely identifies this connection and is used to track client activity. Cookie configuration options apply separately to the two injected cookies.

Forum Discussion

AbdullahAlshehri

Altostratus

May 18, 2022

Secure and HTTPonly cookie

Hello everyone,

I want to know the difference between enabling Secure and HTTPonly attribute cookie on persistence profile (LTM) and Headers => Cookies List => created cookie (ASM)

because Secure and HTTPonly attribute is already enabled on persistence profile (LTM) but can't see it on the HTTP headers.

application delivery

security

1 Reply

CA_Valli
MVP
Jun 13, 2023
LTM cookie persistence profile injects a cookie that F5 uses to track and load balance the same connections in an HTTP session.
Likewise, when ASM is implemented, F5 injects a cookie in client session that uniquely identifies this connection and is used to track client activity.

Cookie configuration options apply separately to the two injected cookies.