Forum Discussion

Altostratus

May 18, 2022

Secure and HTTPonly cookie

Hello everyone, I want to know the difference between enabling Secure and HTTPonly attribute cookie on persistence profile (LTM) and Headers => Cookies List => created cookie (ASM) because Secu...

application delivery

security

CA_Valli

MVP

Jun 13, 2023

LTM cookie persistence profile injects a cookie that F5 uses to track and load balance the same connections in an HTTP session.
Likewise, when ASM is implemented, F5 injects a cookie in client session that uniquely identifies this connection and is used to track client activity.

Cookie configuration options apply separately to the two injected cookies.

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

GitHub Awesome-F5

Forum Discussion

Secure and HTTPonly cookie

Jonathan - March 2026 Featured Member

F5 AppWorld 2026 Las Vegas - iRules Contest Winners!

2026 F5 DevCentral MVP Announcement

Recent Discussions

GRPC through F5 Virtual Server [RST_STREAM with error code: INTERNAL_ERROR]

[ASM] - How to disable the SQL injection attack signatures

[ASM] : SQL-INJ "end-quote UNION" - How to allow this signature to specific url/uri/parameter only

Changes to DO and AS3 GitHub - no longer monitored

[ASM] : "Request length exceeds defined buffer size " - How to increase the limit ?

Related Content

Increased Security With First Party Cookies

Quarterly Security Notification October 2025

How to add Httponly and Secure attributes to HTTP cookies (for 11.5.x)

Positive Security vs. Negative Security: A Comparison Using F5's Security Portfolio

BIG-IP security hardening and compliance checks

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS