Forum Discussion

Nimbostratus

Jan 19, 2007

Securing Cookies

I use a simple rule to add ";Secure" to the end of ever "Set-Cookie" header in a particular app server's response, and it works great for what it was originally intended to do. when HTTP_RESPONSE...

Nimbostratus

Jul 06, 2007

This seems to work on some of my cookies but not all, for example if I use Fiddler to look at the raw response I see:

HTTP/1.1 302 Found

Date: Fri, 06 Jul 2007 14:59:23 GMT

Location: /mysite/default.aspx

Set-Cookie: UserName=jdoe; path=/; HttpOnly

Set-Cookie: .ASPXAUTH=259AE6492D3; path=/; HttpOnly; Secure

So the code sets some but not others.

Any suggestions?

Thanks,

Shawn

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

GitHub Awesome-F5

Forum Discussion

Securing Cookies

Welcome! a la Communidad DevCentral LATAM de F5!

The New F5 Certified BIG-IP Administrator Certification Exams Now Live

Recent Discussions

R4800 snmp issues.

F5 XC JWKS auto update

PCI Compliance and ASM

irule for redirect and header injection

What happens if I activate only ASM without provisioning LTM?

Related Content

Increased Security With First Party Cookies

Positive Security vs. Negative Security: A Comparison Using F5's Security Portfolio

Physical Security - Starting Points

APM-Specific Features for Securing Your Website

Welcome to Fletch.ai, Fake DeepSeek Downloads, & Operation Secure

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS