Avoid Copy/Paste cookies for login

Question

We have a DNN implementation and we have discovered that we can copy the authentication cookies and paste them in another computer to allow the user get in, I am looking if there is a way to validate cookies on this scenario

nicholas_p__308 · Answer

There is an HMAC irule. Please see the following.&nbsp;
https://devcentral.f5.com/codeshare/high-performance-hmac-cookie-signing&nbsp;
Basically, it generates a random string for each new session paired with the authentication cookie and validates each user with minimum performance impact. &nbsp;

Forum Discussion

Avoid Copy/Paste cookies for login

1 Reply

Recent Discussions

ASM instance creation

[ASM] - what is "Browser Challange file" ?

[ASM] - HTML5 Cross-Domain Request Enforcement - CLI command

Reverse Proxy Not Behaving

Stable Firmware for F5

Related Content

Avoiding Common iRules Security Pitfalls

Cookie-based DDoS protection

Decoding the IPv4 address from the persistence cookie

1. SYN Cookie: Intro

2. SYN Cookie: Operation