Help
Technical Articles
F5 SMEs share good practice.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Technical Forum Quicklinks: No Replies | Active-Not Solved | Recent Solutions

Lightboard Lessons: BIG-IP Cookie Persistence Values

ltwagnon
Legacy Employee
Legacy Employee

on ‎02-Aug-2017 03:00

The BIG-IP creates cookies (when enabled) in order to allow persistence.  Several people have asked what these cookies look like and how their values are generated.  This video digs into the details of cookie persistence values and how they are calculated.  Enjoy!  



Related Resources:

0 Kudos
Comments
Aditya_Mehra
Cirrus
Cirrus
‎03-Aug-2017 08:53

Thanks John, Very Very informative! You said that if we capture cookies then we can reverse engineer. So how can we capture the cookie? Thanks, Aditya

 

0 Kudos
Aditya_248044
Nimbostratus
Nimbostratus
‎03-Aug-2017 08:53

Thanks John, Very Very informative! You said that if we capture cookies then we can reverse engineer. So how can we capture the cookie? Thanks, Aditya

 

0 Kudos
MSZ
Nimbostratus
Nimbostratus
‎07-Aug-2017 01:47

How did you convert the port number?

 

0 Kudos
ltwagnon
Legacy Employee
Legacy Employee
‎07-Aug-2017 10:54

@Aditya, great question! If you want to capture the cookie on your browser, you can right click on the page and open the "inspect" feature and look at application cookies. You can see all the cookies on your browser from there. Keep in mind each browser will store its own cookies, so this list will be browser-specific. If you are wanting to capture all the cookies on the BIG-IP, then you can run an iRule to check them all out. Here's a link to an iRule that should help with that: https://devcentral.f5.com/codeshare?sid=631

 

0 Kudos
ltwagnon
Legacy Employee
Legacy Employee
‎07-Aug-2017 10:57

@MSZ, the port number is converted the same way as the IP address. You convert to hexadecimal, then reverse order the hex numbers, then convert to decimal. If the port number is less than 256, the first two hex digits (prior to reverse ordering) are 0x00. The later part of the video above (starting at about the 6:30 mark) shows the calculation on port number. Hope this helps!

 

0 Kudos
MSZ
Nimbostratus
Nimbostratus
‎08-Aug-2017 00:56

How many cookies are created noramlly for application?

 

0 Kudos
ltwagnon
Legacy Employee
Legacy Employee
‎08-Aug-2017 06:23

@MSZ, great question! Each application developer can set cookie limits as desired, so it depends on how the application is designed as to how many cookies there are. As for browsers, each one is a little different, but they all can typically handle at least 4096 bytes of cookies per domain. Here's an interesting article that gives a little more info: https://www.thoughtco.com/cookie-limit-per-domain-3466809

 

0 Kudos
Aditya_Mehra
Cirrus
Cirrus
‎16-Aug-2017 01:19

Hi John,

 

As we see that by reverse engineering it is possible to see the IP address and port of the Server via the cookie. So is there a way to mask the IP & Port in the cookie so that the public users cannot re-engineer the IP of the server (for security purpose) ?

 

Thanks, Aditya

 

0 Kudos
Aditya_248044
Nimbostratus
Nimbostratus
‎16-Aug-2017 01:19

Hi John,

 

As we see that by reverse engineering it is possible to see the IP address and port of the Server via the cookie. So is there a way to mask the IP & Port in the cookie so that the public users cannot re-engineer the IP of the server (for security purpose) ?

 

Thanks, Aditya

 

0 Kudos
ltwagnon
Legacy Employee
Legacy Employee
‎17-Aug-2017 06:39

Aditya, great question. The way to hide the contents of the cookie is to encrypt the cookie, and the BIG-IP allows for cookie encryption. When encrypted, the cookie contents are not readable. Here's more information on cookie encryption: https://support.f5.com/csp/article/K14784

 

0 Kudos
Version history
Last update:
‎02-Aug-2017 03:00
Updated by:
Legacy Employee
Contributors
Copyright © 2023 Khoros, LLC