Forum Discussion

Nimbostratus

Mar 13, 2019

Reg Cookie Persistence Options

Hi, Just want to know when would we use the following options in the Cookie Persistence Profile HTTP Only Attribute :- Enabled / Disabled Always Send Cookie Thanks, ...

Cumulonimbus

Mar 13, 2019

HTTP Only : cookie is accessible to browser only, and not to evental scripts run withing the browser. Basically, if you app is a standard web app, without too much client side javascript processing, checking this should be OK

Always sent : I didn't try in on my lab, but this is to send the session cookie in every response or only in the first. According to that article, if the cookie as an expiration date (IE session cookie is not checked"), it is anyway sent in every response with the expiration date updated regardless of the Always Sent Setting. https://devcentral.f5.com/questions/cookie-persistence-quotalways-send-cookie-quot-option

Hope this helps :)

Forum Discussion

Reg Cookie Persistence Options

Recent Discussions

Disk space full - what files, folders are safe to delete?

ASM instance creation

BIG-IP DNS: Check Status Of Multiple Monitors Against Pool Member

Open Redirection Mitigation

F5Access | MacOS Sonoma

Related Content

Decoding the IPv4 address from the persistence cookie

How OneConnect Profile works with Cookie Persistence

Kubernetes architecture options with F5 Distributed Cloud Services

Persistence Cookie Logging

Set the SameSite Attribute for LTM Persistence Cookies