Forum Discussion

Nimbostratus

Jun 03, 2019

Secure flag for cookie

Hi all we have a settings for secure flag for cookies as below but somehow in the screenshot it doesn't really show that the cookie are secure. Am I missing something on the settings ? Our security s...

MVP

Jun 04, 2019

Per Screen shot, its seems you are encrypting cookie not adding secure flag.

when HTTP_RESPONSE {
set COOKIE_VAL [HTTP::header values "Set-Cookie"]
HTTP::header remove "Set-Cookie"
 
foreach COOKIE_NAME $COOKIE_VAL {
HTTP::header insert "Set-Cookie" "${COOKIE_NAME}; Secure; HttpOnly"
}
}

Doran_Lum
Nimbostratus
Jun 06, 2019
Thank you this worked. With this, do I still need to enable the Session Cookie as above ?

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

GitHub Awesome-F5

Forum Discussion

Secure flag for cookie

Security Best Practices for F5 Products

F5 AppWorld 2026 Registration - early bird pricing.

Kostas Injeyan - October 2025 Featured Member

Recent Discussions

SSO login for APM Profiles

Can F5 restrict the file types transferred via FTP?

APM VPN LDAP POOL can't contact ldap server.

Kerberos Authentication Failing for Exchange 2016 Behind F5 Cloud WAF

r-series LAG

Related Content

Quarterly Security Notification October 2025

Increased Security With First Party Cookies

Adding http only / secure flags to TS cookies per policy

Positive Security vs. Negative Security: A Comparison Using F5's Security Portfolio

DevCentral Connects hosts Capture the Flag!

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS