Secure and HTTPonly cookie

Question

Hello everyone,I want to know the difference between enabling Secure and HTTPonly attribute&nbsp;cookie on persistence profile (LTM) and Headers =&gt; Cookies List =&gt; created cookie (ASM)&nbsp;&nbsp;because Secure and HTTPonly attribute is already enabled on&nbsp;persistence profile (LTM) but can't see it on the HTTP headers.

ca_valli · Answer

LTM cookie persistence profile injects a cookie that F5 uses to track and load balance the same connections in an HTTP session.Likewise, when ASM is implemented, F5 injects a cookie in client session that uniquely identifies this connection and is used to track client activity.&nbsp;
Cookie configuration options apply separately to the two injected cookies.&nbsp;

Forum Discussion

Secure and HTTPonly cookie

Recent Discussions

Problem with lets encrypt and redirect after update

Should config via cli rather than gui?

Is a Dedicated Interface, VLAN, and Self IP Required for a VIP in an F5 Configuration?

question about getting hsl data to be formatted properly in splunk

iRule for client certificate verification and inserting CN

Related Content

F5 Security Podcasts

Certifications for security professionals

set HTTPOnly in cookie

API security

Re: SYN Cookie operation

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS