Technical Forum
Ask questions. Discover Answers.
Showing results for 
Search instead for 
Did you mean: 
Custom Alert Banner

F5 LTM cookie persistence encryption issue



what is the default behaviour when cookie encrytion enabled, set to required. we know the client->F5 cookie is encrypted, how about F5->server?. i could see the cookie is decrypted in the capture when sending to server. is it suppose to be like that ?


Hi @Prakin , 

Cookie persistence encrypt is a way to secure the tampering in the client-side not server side. 

have a look here :


Mohamed Kansoh

Hi @Mohamed_Ahmed_Kansoh,

is there way that we can re-encrypt the cookie on server side. Because my connection flow, the backend application will hit the same F5 vip again where it sees an unecrypted cookie, but F5 is expecting encrypted cookie so instead it makes new load balancing decision and new cookie is generated and terminated in different server. This makes the connections inconsistencies.

client - > F5 -> webserver(, -> kong -> F5 -> application server(, 

here my bothe web and application server are same address.

if i set the cookie to "prefered" i think it will work?. but on the client i would see unencrypted cookie as well. so that's why i am looking for ree-ncrypt the cookie on the server side.

Hi @Prakin , 

You can try the prefered option , it means bigip accepts both encrypted and decrypted cookies. 

I have another question : 
is this virtual server has ( 2 IPs " & " ) you created it by address list ??! 
I need more clarification here , you can draw your flow as well and show me. 

Mohamed Kansoh

sorry my bad, the flow would as below.

client - > F5 VIP( -> webserver (, -> kong -> F5 VIP( -> application server (,

kong -> F5 VIP( : this is where the cookie is seen unencypted and and F5 is expecitng encrypted cookie. so it can't find, thus its treating as new connection and load balanced to new server.