Forum Discussion
hooleylist
Jan 23, 2009Cirrostratus
Hi Phil,
As the client should never need to read or modify this cookie, you can encrypt the cookie value using the 9.4+ HTTP profile option 'Encrypt Cookies'. Enter the name of the cookie and a passphrase to use. Make sure to create a custom HTTP profile rather than modifying the default HTTP profile so this option will only be used on the specific VIP(s) you want it for.
If you're on an older version of LTM, you could use an iRule to encrypt the cookie value using 'HTTP::cookie encrypt|decrypt' in HTTP_RESPONSE and HTTP_REQUEST, respectively.
Aaron