Forum Discussion

williamwu2019_2

Nimbostratus

Jun 23, 2016

Preferred Cookie Encryption Policy Doesn't Work!!!

We need to encrypt the F5 BigIP cookie value. However, we have some integration will send out encode BigIP cookie value (not encrypted) to F5. We followed the instructions below. But we still cannot ...

BIG-IP

security

IanB

Employee

Jun 23, 2016

If I understand your question correctly, you're saying that if you send an unencrypted persistence cookie to the LTM when it is configured for cookie encryption on that virtual server, then it fails to recognise the cookie. If that's what you're saying, then that's working as designed.

An unencrypted cookie comes in, and it decrypts it by passing it through AES, and what comes out is not valid, so it is discarded.

Why would you be sending both encrypted and unencrypted cookies to the same virtual server ?

Forum Discussion

Preferred Cookie Encryption Policy Doesn't Work!!!

Recent Discussions

Rundeck ansible F5 errors

What is the meaning is 52% block in WAF

rewrite Azure AD response for portal access via web portal

AS3 Monitoring multiple ports selectively

Open Redirection Mitigation

Related Content

Decrypt, Encrypt, Decrypt, Encrypt, Encrypt....

Let's Encrypt

Automate Let's Encrypt Certificates on BIG-IP

Encrypting Cookies

Cookie Encryption