Colin's 20 Lines or Less 18 covers this a bit:
http://devcentral.f5.com/weblogs/cwalker/archive/2008/12/31/20-lines-or-less-18.aspx
Cookie Encryption Gateway
If you're looking to encrypt/decrypt ALL cookies going in and out of a virtual in one fell swoop, then here's your solution. Normal configuration of profiles requires you to state each cookie that's going to be encrypted. This iRule allows you to add or remove cookies from your application at will, while always being sure they're going to be secured.
when RULE_INIT {
Exposed passphrase, but this key can be synchronized to the peer LTM
set ::passphrase "secret"
Private passphrase, but it isn't synchronized. On LTM failover to
its peer, applications relying on the encrypted cookies will break.
set ::passphrase [AES::key]
}
when HTTP_REQUEST {
foreach { cookieName } [HTTP::cookie names] {
HTTP::cookie decrypt $cookieName ::passphrase
}
}
when HTTP_RESPONSE {
foreach { cookieName } [HTTP::cookie names] {
HTTP::cookie encrypt $cookieName ::passphrase
}
}