Forum Discussion

Altostratus

May 18, 2022

Secure and HTTPonly cookie

Hello everyone, I want to know the difference between enabling Secure and HTTPonly attribute cookie on persistence profile (LTM) and Headers => Cookies List => created cookie (ASM) because Secu...

application delivery

security

CA_Valli

MVP

Jun 13, 2023

LTM cookie persistence profile injects a cookie that F5 uses to track and load balance the same connections in an HTTP session.
Likewise, when ASM is implemented, F5 injects a cookie in client session that uniquely identifies this connection and is used to track client activity.

Cookie configuration options apply separately to the two injected cookies.

Recent Discussions

Under Attack? F5 Will Help You.
Contacting F5 Support?

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

Forum Discussion

Secure and HTTPonly cookie

Recent Discussions

Problem with lets encrypt and redirect after update

iRule for client certificate verification and inserting CN

Earth Simnavaz

Should config via cli rather than gui?

Is a Dedicated Interface, VLAN, and Self IP Required for a VIP in an F5 Configuration?

Related Content

Increased Security With First Party Cookies

How to add Httponly and Secure attributes to HTTP cookies (for 11.5.x)

F5 Security Podcasts

Adaptive Apps: Replicate & deploy WAF application security policies across F5's security portfolio

Auditing Security Policy Updates

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS