FortiWeb
shafiq23
Staff & Editor
Article Id 339895
Description This article describes how to change cookiesession1 inserted by FortiWeb in the client’s browser to a session-based cookie.
Scope FortiWeb v7.0.2 and later.
Solution

By default, with ‘Client Management’ enabled in the Web Protection Profile, FortiWeb inserts a persistent cookie (365 days validity) into the client’s browser for client tracking.

 


 

If such a persistent cookie is not preferred, change cookiesession1 to a session-based cookie with the commands below.

 

config waf web-protection-profile inline-protection
    edit <web-protection-profile name>
        set http-session-cookie enable
    next
end

 

Note:

The session-based cookie lasts only while the browser is open; it is deleted automatically when the user closes the browser or exits the app.

 

Steps to verify.

 

From the client’s browser:

  1. Browse the website protected by FortiWeb.
  2. Open the browser developer tool.
  3. Check the expiration of cookiesession1: a session-based cookie is flagged as a session cookie instead of showing an expiry date.
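
The same check can be scripted against the response headers instead of the developer tool. The Python below is an added example, not Fortinet code: it classifies cookiesession1 as persistent or session-based from its Set-Cookie attributes. The two sample responses, including the cookie values and the expiry date, are constructed for illustration and are not captured FortiWeb output.

```python
"""Classify cookiesession1 from HTTP response headers (added example)."""
import sys
import urllib.request

COOKIE_NAME = "cookiesession1"

# Constructed samples: persistent cookie (default) vs. session-based cookie.
SAMPLE_DEFAULT = [
    "HTTP/1.1 200 OK",
    "Set-Cookie: cookiesession1=678A3E0DEXAMPLE0000; "
    "Expires=Sat, 05 Sep 2026 10:00:00 GMT; Path=/; HttpOnly",
]
SAMPLE_SESSION = [
    "HTTP/1.1 200 OK",
    "Set-Cookie: cookiesession1=678A3E0DEXAMPLE0001; Path=/; HttpOnly",
]

def parse_set_cookie(value):
    """Split one Set-Cookie value into (name, lower-cased attribute dict)."""
    first, *rest = [part.strip() for part in value.split(";")]
    attrs = {}
    for part in filter(None, rest):
        key, _, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip()
    return first.partition("=")[0].strip(), attrs

def classify(header_lines, cookie_name=COOKIE_NAME):
    """Return None if the cookie is not set, else its lifetime and flags."""
    for line in header_lines:
        field, _, value = line.partition(":")
        if field.strip().lower() != "set-cookie":
            continue
        name, attrs = parse_set_cookie(value)
        if name != cookie_name:
            continue
        # A cookie without Expires and Max-Age lives only for the browser session.
        expiry = attrs.get("expires") or attrs.get("max-age")
        return {"lifetime": "persistent" if expiry else "session",
                "expiry": expiry,
                "secure": "secure" in attrs,
                "httponly": "httponly" in attrs}
    return None

if __name__ == "__main__":
    lines = SAMPLE_SESSION
    if len(sys.argv) > 1:  # optional: URL of a site you operate behind FortiWeb
        with urllib.request.urlopen(sys.argv[1]) as resp:
            lines = [f"Set-Cookie: {v}" for v in resp.headers.get_all("Set-Cookie") or []]
    print(classify(lines))
```

Run without arguments it evaluates the constructed session sample; pass the URL of the protected site to check the live response before and after enabling http-session-cookie.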

 


 

Related articles about cookiesession1:
Technical Tip: How to enable cookiesession1 with secure flag 
Technical Tip: cookiesession1 secure flag requirement