There are multiple ways to secure cookie in your application, but the easiest way is always at network edge like F5. Following example is given based on your Web Application cookie start with JSESSIONID. If you have something else, you can modify accordingly. The following will add HTTPOnly and Secure flag in Set-Cookie starting with JSESSIONID in header response.

To implement using iRule

Create irule with following

Associate irule to respective Virtual Server

To verify

You can use any web developer tool to view Response headers and ensure you see following. You can also use HTTP Header online tool to confirm this. Interested in learning more about F5 administration? Check out this online course by Tyco Taygo.

F5 iRule to Secure Cookie with HTTPOnly and Secure - 64F5 iRule to Secure Cookie with HTTPOnly and Secure - 37F5 iRule to Secure Cookie with HTTPOnly and Secure - 86F5 iRule to Secure Cookie with HTTPOnly and Secure - 38F5 iRule to Secure Cookie with HTTPOnly and Secure - 98F5 iRule to Secure Cookie with HTTPOnly and Secure - 57F5 iRule to Secure Cookie with HTTPOnly and Secure - 87F5 iRule to Secure Cookie with HTTPOnly and Secure - 50F5 iRule to Secure Cookie with HTTPOnly and Secure - 42F5 iRule to Secure Cookie with HTTPOnly and Secure - 47F5 iRule to Secure Cookie with HTTPOnly and Secure - 62F5 iRule to Secure Cookie with HTTPOnly and Secure - 44F5 iRule to Secure Cookie with HTTPOnly and Secure - 87F5 iRule to Secure Cookie with HTTPOnly and Secure - 5F5 iRule to Secure Cookie with HTTPOnly and Secure - 2F5 iRule to Secure Cookie with HTTPOnly and Secure - 58F5 iRule to Secure Cookie with HTTPOnly and Secure - 9F5 iRule to Secure Cookie with HTTPOnly and Secure - 3F5 iRule to Secure Cookie with HTTPOnly and Secure - 50F5 iRule to Secure Cookie with HTTPOnly and Secure - 34F5 iRule to Secure Cookie with HTTPOnly and Secure - 52F5 iRule to Secure Cookie with HTTPOnly and Secure - 53F5 iRule to Secure Cookie with HTTPOnly and Secure - 63