Cookie encryption and RAW data required

Question

Dear all, &nbsp;
Have a query on cookie&nbsp;
What is the Recommended Industrial best practise for cookie encryption&nbsp;
One of our customer needs cookie encryption enabled.. at the same time... Part of of cookies should be available RAW for his application to work..&nbsp;
Need your suggestions/ideas to take this forward&nbsp;

sonne_133164 · Answer

question is whether there is anything sensitive within the cookie, why you need to encrypt cookie? using https against mitm isn't enough? is client storing this cookie for a longer period and you expect someone will access it, tamper it, etc...?&nbsp;
for the best practices:&nbsp;
limit the amount of sensitive information stored in the cookie.limit the subdomains and paths to prevent interception by another application.enforce SSL so the cookie isn’t sent in cleartext.make the cookie HttpOnly
perhaps you can read more at https://www.owasp.org/index.php/Session_Management_Cheat_SheetCookies&nbsp;

Forum Discussion

Cookie encryption and RAW data required

1 Reply

Recent Discussions

Viprion files on blades.

redirect not working

active/active Support Declarative Onboarding

Reliable resources for identifying IP addresses

minimum tmos software version for connect CIS (openshift)

Related Content

Decrypt, Encrypt, Decrypt, Encrypt, Encrypt....

Let's Encrypt

Encrypting Cookies

Cookie Encryption

Automate Let's Encrypt Certificates on BIG-IP