For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

iRule: Securing Cookies

So, you've got yourself some info that you want to stash in a cookie. The problem is that cookie contents are stored in HTTP headers which can be snooped on by those out there you want to k...

Published Nov 09, 2005

Version 1.0

Joined September 22, 2004

View Profile

Joe_Pruitt

Nov 04, 2008

You gain the protection from a man-in-the-middle attack where a 3rd party was sniffing traffic and was able to replicate your login from their system by copying your cookie. By encrypting the cookie with the IP of the client connection, the would-be hacker would have to hack his connection to make it look like the TCP connection from his system was the same as yours which is very difficult to do. You are correct that this would work on any other browser on your current system but typically if a hacker has gained access to your operating system, you have more to worry about...

-Joe

Help guide the future of your DevCentral Community!

What tools do you use to collaborate? (1min - anonymous)

iRule: Securing Cookies

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS