- User Guide
- FAQs
- About WAF
- WAF Functions
- Can I Configure Session Cookies in WAF?
Can I Configure Session Cookies in WAF?¶
No. WAF does not support session cookies.
WAF allows you to configure CC attack protection rules to limit the access frequency of a specific path (URL) in a single cookie field, accurately identify CC attacks, and effectively mitigate CC attacks. For example, if a user whose cookie ID is name accesses the /admin* page under the protected domain name for more than 10 times within 60 seconds, you can configure a CC attack protection rule to forbid the user from accessing the domain name for 600 seconds.
What Are Cookies?¶
Cookies are data (usually encrypted) stored on the local terminal of a user by a website to identify the user and trace sessions. Cookies are sent by a web server to a browser to record personal information of the user.
A cookie consists of a name, a value, and several optional attributes that control the cookie validity period, security, and usage scope. Cookies are classified into session cookies and persistent cookies. The details are as follows:
Session cookie
A session cookie exists only in temporary memory while the user navigates the website. It does not have an expiration date. When the browser is closed, session cookies are deleted.
Persistent cookie
A persistent cookie has an expiration date and is stored in disks. Persistent cookies will be deleted after a specific length of time.