Command Line Interface Reference Guide > The SLB Configuration Menu
Cookie-Based Persistence
Cookies are a mechanism for maintaining the state between clients and servers. When the server receives a client request, the server issues a cookie, or token, to the client, which the client then sends to the server on all subsequent requests. Using cookies, the server does not require authentication, the client IP address, or any other time-consuming mechanism to determine that the user is the same user that sent the original request.
In the simplest case, the cookie may be just a “customer ID” assigned to the user. It may be a token of trust, allowing the user to skip authentication while his or her cookie is valid. It may also be a key that associates the user with additional state data that is kept on the server, such as a shopping cart and its contents. In a more complex application, the cookie may be encoded so that it actually contains more data than just a single key or an identification number. The cookie may contain the user’s preferences for a site that allows their pages to be customized.
Based on the mode of operation, cookies are inserted by either Alteon or the server. After a client receives a cookie, it includes the cookie in its subsequent requests, which allows the server to positively identify the client as the one that received the cookie earlier.
Cookie-based persistence solves the proxy server problem and provides improved load distribution at the server site.
Use the cookie option to establish cookie-based persistence. Cookie Persistence Options (/cfg/slb/virt/service/http/cookie) describes the cookie sub-options.
 
Cookie Persistence Options (/cfg/slb/virt/service/http/cookie) 
Option
Description
mode
Specifies one of the following modes for cookie-based persistence:
*p — Passive mode. The Web server embeds a cookie in its response to the client. Alteon records the specified cookie value and server, and forwards subsequent requests carrying the same cookie value to the same server.
Available only for HTTP services and HTTPS services with SSL offload.
*r — Rewrite mode, or active cookie mode. The server inserts a persistency cookie in the response but Alteon, and not the network administrator, rewrites it, eliminating the need for the server to generate cookies for each client.
*i — Insert mode. In this mode, Alteon generates a cookie value, inserts the Set-Cookie header in the server response, and records the cookie value and the server. All subsequent HTTP requests carrying this cookie value are forwarded to the same server.
Available only for HTTP services and HTTPS services with SSL offload (the default persistence type for these services).
The following are insert mode options:
Cookie Name — The name of the inserted cookie.
Maximum characters: 20
Default: AlteonP
Insert cookie domain name? — Specifies whether to the include or exclude the domain attribute in the inserted Set-Cookie header. This attribute specifies to the browser the domain for which the cookie is valid.
Values: y, n
Default: n
Enter path — Specifies the path attribute in the inserted Set-Cookie header. This attribute specifies to the browser whether the cookie is valid only for the specific path.
Maximum characters: 32
Insert samesite attribute? — Specifies whether to include the samesite attribute in the inserted Set‑Cookie header, and if yes, with which value.
Values = y, n
Default = n
If answer is y (include the samesite attribute), you are prompted to select one of the following values:
*lax — Cookies with samesite=lax are not sent on normal cross-site subrequests (for example, to load images or frames into a third-party site), but are sent when a user is navigating to the origin site (i.e., when following a link).
*strict — Cookies with samesite=strict are only sent in a first-party context and not sent along with requests initiated by third-party websites.
*none — Signals that the cookie data can be shared with third-parties or external sites (for example, advertising or embedded content). Signals that the cookie data can be shared with third-parties or external sites (for example, advertising or embedded content).
Is cookie secure? — Specifies whether to include or exclude the Secure attribute in the inserted Set‑Cookie header. This attribute specifies that the client is required to use a secure connection to obtain content associated with the cookie.
Note: If you insert samesite and set the flag to none, the Secure attribute is automatically included and instead of Is cookie secure?, the line displayed is Cookie secure attribute is set (required for SameSite None).
httponly — Specifies whether to include the httponly attribute in the inserted Set-Cookie header. When present, this attribute prevents client-side scripts from accessing data.
Values: Enable, Disable
Expiration — The string that specifies cookie expiration of the virtual server.
Specify one of the following:
*A date in the format <MM/dd/yy[@hh:mm]>. For example, 12/31/01@23:59.
*A duration in the format <days[:hours[:minutes]]>. For example, 45:18:30.
*None
Note: Radware recommends that you do not use the date format in this option.
Default: p
name
Specifies the name of the cookie whose value is used to select the server.
Maximum characters: 20
Default for cookie insert mode: AlteonP
offset
Specifies the starting point of the cookie value for cookie rewrite or passive modes.
Values: 1 – 64
length
Specifies the number of bytes to extract from the cookie value in cookie rewrite or passive modes. For cookie rewrite, the length must be 28.
Values: 1 – 64
Default: 1
URI
Specifies whether to look for the persistence cookie in the URI or in the HTTP cookie headers.
Default: disable