Additional cookie security
Although the session cookie is the most important cookie to keep track of when securing AM, there are other points you must consider, such as:
Which cookie are you using for sticky load balancing?
By default, AM creates the
amlbcookiecookie and sets it to the ID of the instance that first responded to a request. You should change the name of this cookie to something unique in your environment.
Which other cookies, relevant for your environment, interact with AM or are sent to AM as part of a chain of requests?
The following table summarizes the tasks and information to review to manage cookie security that is not strictly related to the session cookie:
Enable support for
Configure AM to apply
Review the secure cookie filter
AM provides a filter that upgrades cookies to secure cookies if the conditions are met.
Change the name of the sticky load balancing cookie
Name the cookie something relevant and unique for your environment.