Forum Discussion
dennypayne
Oct 29, 2007Employee
What David is saying is that if your HTTPS virtual server points to a pool that has pool members using 443 as well, without any client and/or server side ssl profiles enabled, then cookie insert will never work regardless of whether "match across" is a factor or not. If that is the case, then BIG-IP is not doing any decryption and is passing SSL all the way to the webservers. It cannot insert any cookie into that stream.
For any sort of cookie persistence to work with HTTPS traffic, you must be using a clientssl profile on your HTTPS vip and have it point to a pool using port 80, or you must also use a serverssl profile to re-encrypt and send to the pool on 443. That's the only way that BIG-IP can do anything with cookies on an HTTPS stream; it has to be decrypting the SSL using a clientssl profile (re-encrypting on the back end is optional but it sounds like that's what you want so you also need a serverssl profile).
Denny