Forum Discussion
John_31769
Mar 11, 2011
Nimbostratus
Set APM Cookies to HttpOnly
During an internal pen test of our APM implementation, our Security group was able to inject some JavaScript and steal the 2 APM cookies MRHSession and Last_MRHSession. We think we could prevent this by setting these cookies to HttpOnly but this option is not available in APM. Anybody run across this issue and able to resolve? Wondering if there might be an iRule that could be used here - any feedback greatly appreciated!
- hooleylist (Cirrostratus)
  Hi John,