Help Center/ Web Application Firewall/ FAQs/ About WAF/ Why Do Cookies Contain the HWWAFSESID or HWWAFSESTIME field?

Updated on 2024-10-31 GMT+08:00

View PDF

Why Do Cookies Contain the HWWAFSESID or HWWAFSESTIME field?

HWWAFSESID indicates the session ID, and HWWAFSESTIME indicates the session timestamp. These two fields are used to mark the request, for example, they can be used to count the requests for a CC protection rule.

After a domain name or IP address is connected to WAF, WAF inserts fields such as HWWAFSESID (session ID) and HWWAFSESTIME (session timestamp) into the cookie of your customer request. These fields are used by WAF to implement some functions, such as counting requests and monitoring request duration. If these fields are not inserted, some rules may be unable to work, such as CC attack protection rules with verification code configured, known attack source rules, and dynamic anti-crawler rules.

In the following configurations, WAF does not insert HWWAFSESID (session ID) and HWWAFSESTIME (session timestamp) fields into your customer request cookies:

Protection Action is set to Allow.
In global whitelist protection rules, All protection is selected for Ignore WAF Protection.
The protection mode is Suspended.
Basic web protection is disabled.

Parent topic: About WAF

Feedback

Was this page helpful?

Helpful Not helpful

Provide feedback

Thank you very much for your feedback. We will continue working to improve the documentation.

The system is busy. Please try again later.

Which of the following issues have you encountered?

Content is inconsistent with the product UI

Unclear descriptions

Lack of examples or code

Incorrect steps

Can't find what I need

Lack of best practices

Feedback (optional)

0/500

Select at least one type of issue, and enter your comments or suggestions.

Enter a maximum of 500 characters.

Submit Cancel