Cookie security

Forum|Forum|9 years ago
March 8, 2017
1 reply
5172 views

Hi there

i have problem for poison Forti-cookie in traffic and check validity. until now, i config "cookie security policy" in web protection>cookie security>cookie security policy , and create new with recommended setting and assign them to "inline protection profile". but when i check cookies in web browser on client i don't see Forti-cookie Name and value.

max_monterumisi

New Member

The FortiWeb session cookie is named cookiesession1

To prevent tampering need use Security Mode = Singed

"When FortiWeb receives the first HTTP or HTTPS request from a client, it uses a cookie to track the session.

When you select this option, the session-tracking cookie includes a hash value that FortiWeb uses to detect tampering with the cookie from the back-end server response."

Sign up

Login with SSO

Login to the community

Login with SSO

Scanning file for viruses.

This file cannot be downloaded