https://community.cisco.com/t5/application-networking/ace-cookie-insert-stickyness/m-p/2302484#M40656 <HTML><HEAD></HEAD><BODY><P>Hi,</P><P></P><P>As long as they don't both use the Same Cookie name they won't influence each other.</P><P>If you don't assign a cookie-name ACE will create a unique one per rserver.</P><P></P><P>Or you can configure one e.g.</P><P></P><P> rserver WebServer1 80</P><P>&nbsp;&nbsp;&nbsp; cookie-string "ACEWS1Cookie"</P><P></P><P>More details can be found here:</P><P><A class="jive-link-external-small" href="http://www.cisco.com/en/US/customer/docs/app_ntwk_services/data_center_app_services/ace_appliances/vA3_1_0/configuration/slb/guide/sticky.html">http://www.cisco.com/en/US/customer/docs/app_ntwk_services/data_center_app_services/ace_appliances/vA3_1_0/configuration/slb/guide/sticky.html</A></P></BODY></HTML> Thu, 15 Aug 2013 06:53:23 GMT rhgtyink 2013-08-15T06:53:23Z https://community.cisco.com/t5/application-networking/ace-cookie-insert-stickyness/m-p/2302483#M40655 <P>Hi, I am trying to understand the ACE`s cookie-insert method of stickiness. So the ACE will always insert a cookie into the http-header when sending a response to the client/browser. Based on that if it recieves the same cookie-id in the subsequent requests it knows to which end-server to send it as it does an internal hash based on the cookie-value. </P><P></P><P>My question is, what happens if the server also sends a cookie? Does ACE dis-regards that cookie and inserts a new one on it`s own? How do the cookie-insertion from the server (which is done by default by the web-servers) co-exist with the cookie insertion by the ACE?</P><P></P><P>thnx</P> Wed, 14 Aug 2013 20:48:16 GMT https://community.cisco.com/t5/application-networking/ace-cookie-insert-stickyness/m-p/2302483#M40655 sandevsingh 2013-08-14T20:48:16Z https://community.cisco.com/t5/application-networking/ace-cookie-insert-stickyness/m-p/2302484#M40656 <HTML><HEAD></HEAD><BODY><P>Hi,</P><P></P><P>As long as they don't both use the Same Cookie name they won't influence each other.</P><P>If you don't assign a cookie-name ACE will create a unique one per rserver.</P><P></P><P>Or you can configure one e.g.</P><P></P><P> rserver WebServer1 80</P><P>&nbsp;&nbsp;&nbsp; cookie-string "ACEWS1Cookie"</P><P></P><P>More details can be found here:</P><P><A class="jive-link-external-small" href="http://www.cisco.com/en/US/customer/docs/app_ntwk_services/data_center_app_services/ace_appliances/vA3_1_0/configuration/slb/guide/sticky.html">http://www.cisco.com/en/US/customer/docs/app_ntwk_services/data_center_app_services/ace_appliances/vA3_1_0/configuration/slb/guide/sticky.html</A></P></BODY></HTML> Thu, 15 Aug 2013 06:53:23 GMT https://community.cisco.com/t5/application-networking/ace-cookie-insert-stickyness/m-p/2302484#M40656 rhgtyink 2013-08-15T06:53:23Z https://community.cisco.com/t5/application-networking/ace-cookie-insert-stickyness/m-p/2302485#M40657 <HTML><HEAD></HEAD><BODY><P>Thanks for the reply, we got a security scan done of our public VIPS that were served by the ACE and had to remediate the cookie flag to be "Secure" and "httponly". Initially, I planned to do this from the ACE as it was doing a cookie-insert, BUT I asked the developer if he could do it from the server side. To my surprise, the fix from the server worked and we do we see the cookie now with the right flags in the scans from outside. </P><P>So does this mean, the ACE respects the cookie flag markings that it gets from the server? </P></BODY></HTML> Thu, 15 Aug 2013 15:14:36 GMT https://community.cisco.com/t5/application-networking/ace-cookie-insert-stickyness/m-p/2302485#M40657 sandevsingh 2013-08-15T15:14:36Z https://community.cisco.com/t5/application-networking/ace-cookie-insert-stickyness/m-p/2302486#M40658 <HTML><HEAD></HEAD><BODY><P>The ACE will only manipulate the Cookie that is used in the Sticky configuration, all other cookies are untouched.</P><P></P><P>In that case this Security scan is not valid, cause you can't gain anything from stealing the sticky cookie from a user.</P><P>That security check is valid for session cookies which can be used to steal/hijack a users session.</P></BODY></HTML> Wed, 21 Aug 2013 18:33:09 GMT https://community.cisco.com/t5/application-networking/ace-cookie-insert-stickyness/m-p/2302486#M40658 rhgtyink 2013-08-21T18:33:09Z