Learn F5 Technologies, Get Answers & Share Community Solutions Join DevCentral

Filter by:
  • Solution
  • Technology
Answers

ASM TS cookie

folks

is there any way to encrypt the ASM TS cookie without enabling global parameter on client side

Cheers Snl

0
Rate this Question
Comments on this Question
Comment made 19-Sep-2017 by snl 508

currently i am getting the ASM TS cookie at client side without encrypt

0

Answers to this Question

placeholder+image
USER ACCEPTED ANSWER & F5 ACCEPTED ANSWER

There really is no way to encrypt the ASM cookie, no. I'm not sure that encrypting this cookie would gain you much, however, as it is already a hashed value. You can't modify it without impacting the hash and causing it to fail validation. You can't unencrypt it, as by definition a hash cannot be reversed.

So no, but you really wouldn't need to.

0
placeholder+image
USER ACCEPTED ANSWER & F5 ACCEPTED ANSWER

Did you try following below solution article ?

https://support.f5.com/csp/article/K13787

0
Comments on this Answer
Comment made 5 months ago by Chris Grant

Prince, the secure and HTTP Only flags are different from cookie specific encryption. Secure means they can only be used with SSL over HTTP (HTTPS), where the entire data stream is encrypted. The TS cookie would be encrypted in transit, but would be unencrypted on the client's machine.

HTTP Only simply means the cookie is not available to client side scripts.

0