Additional Cookie Security Considerations

Although the session cookie is the most important cookie to keep track of when securing AM, there are other points you must consider, such as:

Which cookie are you using for sticky load balancing?
By default, AM creates the amlbcookie cookie and sets it to the ID of the instance that first responded to a request. You should change the name of this cookie to something unique in your environment.
Which other cookies, relevant for your environment, interact with AM or are sent to AM as part of a chain of requests?

The following table summarizes the tasks and information you need to review to manage cookie security that is not strictly related to the session cookie:

Task	Resources
Enable Support for `SameSite` Rules Configure AM to apply `SameSite` rules, such that you can declare that your cookies are restricted to a first-party or a same-site context.	"Enabling SameSite Cookie Rules"
Review the Secure Cookie Filter AM provides a filter that upgrades cookies to secure cookies if the conditions are met.	"Managing the Secure Cookie Filter"
Change the Name of the Sticky Load Balancing Cookie Name the cookie something relevant and unique for your environment.	"Changing the Name of the Sticky Load Balancing Cookie"