secure cookies with cookie persistence?

Question

Hi 
&nbsp;  
&nbsp; Is there a way to enable secure cookies for cookie persistence on the bigip v904? 
&nbsp;  
&nbsp; Thanks 
&nbsp; Dan

drteeth_127330 · Answer

No, there isn't. But cookie persistence can be re-implemented fairly easily with the universal persistence rule commands. You could then insert a cookie with whatever attributes you want, encrypt it, etc. Why don't you take a stab at writing the rule and I'll help out if you have problems?

bl0ndie_127134 · Answer

We have also provided a way to do an inplace AES encryption/decryption of the cookies. Here is an example.  
  when HTTP_REQUEST {  
      if {[HTTP::cookie exists "cookieName"]} {  
        HTTP::cookie decrpt "cookieName" "passphrase"  
      }  
  }  
    
  when HTTP_RESPONSE {  
      if {[HTTP::cookie exists "cookieName"]} {  
         HTTP::cookie encrypt "cookieName" "passphrase"  
      }  
  }  
    
  Where the "passphrase" is a password based key. The encryption will effectively encrypt and base64 encode the cookie value for you.

Forum Discussion

secure cookies with cookie persistence?

Recent Discussions

Http / https health monitor issue

F5-SDK Get GTM Pool Server, Virtual Server, Unused Objects, and JSON Conversion for Data Processing

F5 DNS Generic Host

How do I create a traffic log for two different route domains?

In Radius auth, how to allow second attempt of token input when the first input is incorrect?

Related Content

Decoding the IPv4 address from the persistence cookie

Increased Security With First Party Cookies

Positive Security vs. Negative Security: A Comparison Using F5's Security Portfolio

How OneConnect Profile works with Cookie Persistence

AppWorld 2025 Security Insights - ADC 3.0, AI Security, and more

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS