Forum Discussion

Dazzla_20011's avatar
Icon for Nimbostratus rankNimbostratus
Apr 07, 2011

Encrypt Cookies




An application penetration test has found our cookies are sent in plain text. The project manager is now wanting to terminate the SSL certificates on the servers. He thinks that because there are no certificates on the web servers it isn't possible to create secure cookies so the only option available is to move the certificates from the F5 to the web servers.



I've had a quick look at the guide and there is an option under the http profile to encrypt cookies. Do I just enable this and create a passphrase, job done? Do I need to be ware of anything when doing this?



Many Thanks



1 Reply

  • nope. simple cookie encryption and job is done. :)



    Here is more information on this: