Steve_Brown_882
Nov 06, 2008Historic F5 Account
Masking jsessionid with ASM
I am looking for some input on how we can resolve an issue we have with a weblogic based application which is behind an F5 with ASM. The problem is that we would like to mask the jsesionid from the uri when cookies are turned off so that these sessions cannot be hijacked using this jsession ID.
I found this article on ask.f5.com which seems to address it, but it does not seem to make a diffrence. Does anyone have any thoughts on how I can help the applications team resolve this issue using ASM or just an irule?
https://support.f5.com/kb/en-us/products/big-ip_asm/manuals/product/asm_945_implementations/asm_dyn_sess_url.html