Technical Forum
Ask questions. Discover Answers.
cancel
Showing results for 
Search instead for 
Did you mean: 
Custom Alert Banner

Secure and HTTPonly cookie

AbdullahAlshehri
Altostratus
Altostratus

Hello everyone,

I want to know the difference between enabling Secure and HTTPonly attribute cookie on persistence profile (LTM) and Headers => Cookies List => created cookie (ASM) 

 

because Secure and HTTPonly attribute is already enabled on persistence profile (LTM) but can't see it on the HTTP headers.

1 REPLY 1

CA_Valli
MVP
MVP

LTM cookie persistence profile injects a cookie that F5 uses to track and load balance the same connections in an HTTP session.
Likewise, when ASM is implemented, F5 injects a cookie in client session that uniquely identifies this connection and is used to track client activity. 

Cookie configuration options apply separately to the two injected cookies.