Forum Discussion
Chris_Olson
Dec 10, 2010Nimbostratus
Help. We are using 9.3.1 and got hit on a vulnerability scan for unencrypted cookies. I used the link http://devcentral.f5.com/wiki/defau...okies.html
to create the irules needed for this. Our QA tested and advised us all was well. We attempted to roll out to production and got many failures and had to roll back. I thought it had to do with existing sessions and once the user logged back in he/she would be OK. My own testing showed that the irule would force you back to the login page every time you clicked on a different feature of the application. After logging off and on to the site 3 times, everything appeared to be working. In addition to the irule, we created a custom cookie and named it app_cookie to match the irule.
The error message and irule are shown below. I can turn debugging on if needed but would like some insight please.
Thank you,
Chris
Code is here: http://pastebin.com/QwsVjzfs
I don't know how to post it here properly.