F5 is upgrading its customer support chat feature on My.F5.com. Chat support will be unavailable from 6am-10am PST on 1/20/26. Refer to K000159584 for details.

iRule: Securing Cookies

So, you've got yourself some info that you want to stash in a cookie. The problem is that cookie contents are stored in HTTP headers which can be snooped on by those out there you want to k...

Published Nov 09, 2005

Version 1.0

Joined September 22, 2004

View Profile

Joe_Pruitt

Nov 04, 2008

You gain the protection from a man-in-the-middle attack where a 3rd party was sniffing traffic and was able to replicate your login from their system by copying your cookie. By encrypting the cookie with the IP of the client connection, the would-be hacker would have to hack his connection to make it look like the TCP connection from his system was the same as yours which is very difficult to do. You are correct that this would work on any other browser on your current system but typically if a hacker has gained access to your operating system, you have more to worry about...

-Joe

Help guide the future of your DevCentral Community!

What tools do you use to collaborate? (1min - anonymous)

F5 is upgrading its customer support chat feature on My.F5.com. Chat support will be unavailable from 6am-10am PST on 1/20/26. Refer to K000159584 for details.

iRule: Securing Cookies

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS