Forum Discussion
SanjayP
Apr 02, 2021Nacreous
F5 will add it's own cookie in one of the following scenerios
- cookie persistence
- ASM
- APM
- custom iRule adding a cookie
If you have confirmed BIGIP is not adding any of the cookie then it must be set by the application. Ask security team for the cookie names which do not have secure/HTTPonly attributes set. If those are not added by BIGIP it can be fixed by the DEV/server team. Alternatively, BIGIP can also fix it by adding custom iRule to set these attributes in the HTTP RESPONSE event.