Forum Discussion

AbdullahAlshehri's avatar
Icon for Altostratus rankAltostratus
May 18, 2022

Secure and HTTPonly cookie

Hello everyone,

I want to know the difference between enabling Secure and HTTPonly attribute cookie on persistence profile (LTM) and Headers => Cookies List => created cookie (ASM) 


because Secure and HTTPonly attribute is already enabled on persistence profile (LTM) but can't see it on the HTTP headers.

1 Reply

  • LTM cookie persistence profile injects a cookie that F5 uses to track and load balance the same connections in an HTTP session.
    Likewise, when ASM is implemented, F5 injects a cookie in client session that uniquely identifies this connection and is used to track client activity. 

    Cookie configuration options apply separately to the two injected cookies.