Forum Discussion

SalC's avatar
SalC
Icon for Altostratus rankAltostratus
Jul 14, 2022

Cookie Persistence Profile - renamed cookie but still seeing default BIGipServer<pool_name> in ASM

Was trying to obfuscate by changing the cookie name in the persistence cookie profile, but I'm still seeing instances of Learning suggestions in ASM (WAF) for the default cookie name BIGipServer<pool_name>

I've confirmed the persistence profile did save the changes, and is in use on the Virtual Server.  Checking the cookie names in use on a browser shows the correct (updated) cookie name.

Is this a bug perhaps?  I'm on 14.1.5.0.0.7

Thanks!

security

4 Replies

Sort By
  • StephanManthey's avatar
    StephanManthey
    Icon for MVP rankMVP
    Jul 15, 2022

    The change you made in the cookie insert profile applies to new connections only.

    If there are current KeepAlive connections of clients (i.e. a typical webbrowser keeps connections open, even if having the site open in a tab or a different window).

    There might be users which got the default cookie and simply did not close their browsers completely. They will keep sending the (unwanted) cookie until the browser is completely closed and this session cookie will be discarded.

    • SalC's avatar
      SalC
      Icon for Altostratus rankAltostratus
      Jul 15, 2022

      Thanks, I thought the same thing, but it has been several weeks since I updated all the cookie persistence profiles.  You gave me an idea though; I'm going to try modifying the cookie and setting the expiration to a set duration as opposed to session, and see if that clears it up.

    • SalC's avatar
      SalC
      Icon for Altostratus rankAltostratus
      Jul 15, 2022

      Yep, and the ASM learning suggestions are seeing the default BIGIP cookie still and suggesting I add it that way, when in theory? the default cookie shouldn't be in use.  I'm going to try setting an expiration timer on the cookie as opposed to session, and see if that clears any old cookies users may still have (I'm thinking even after several weeks.. users may not have closed their browsers)