Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
nima
New Contributor

Cookie security

Hi there

i have problem for poison Forti-cookie in traffic and check validity. until now, i config "cookie security policy" in web protection>cookie security>cookie security policy , and create new with recommended setting and assign them to  "inline protection profile". but when i check cookies in web browser on client i don't see Forti-cookie Name and value.

1 REPLY 1
max_monterumisi
New Contributor

The FortiWeb session cookie is named cookiesession1

 

To prevent tampering need use Security Mode = Singed 

"When FortiWeb receives the first HTTP or HTTPS request from a client, it uses a cookie to track the session.

When you select this option, the session-tracking cookie includes a hash value that FortiWeb uses to detect tampering with the cookie from the back-end server response."

 

 

Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Labels
Top Kudoed Authors