Resolution
----------

AWS doesn't allow you to change attributes or flags on the Application Load Balancer type (**AWSALB**) cookies. You can't decrypt or modify load balancer-generated cookies because their content is encrypted with a rotating key.

A secure flag protects cookies that carry sensitive information. An **AWSALB** cookie is inserted only in the header of the response when stickiness is activated. This cookie has just enough information to determine the backend instance of the Application Load Balancer that will receive the request.

Because the **AWSALB** cookies don't contain any customer-sensitive information, they don't have any mechanism to set the security flag. However, the cookies are still protected and encrypted. For more information on Application Load Balancer sticky sessions, see [Sticky sessions for your Application Load Balancer](https://docs.aws.amazon.com/elasticloadbalancing/latest/application/sticky-sessions.html).

I can’t find a function in the AWS Management Console to turn on the secure flag for my Application Load Balancer cookies.

Set secure flag for Application Load Balancer cookies

How do I set the secure flag for Application Load Balancer cookies?

Networking & Content Delivery

Using AWS Application Load Balancer for Blue / Green Application Migration to VMware Cloud on AWS

How can I troubleshoot Application Load Balancer session stickiness issues?

How do I register an Application Load Balancer behind a Network Load Balancer?

How do I migrate from Classic Load Balancer to Application Load Balancer or Network Load Balancer?

How do I attach a security group to my Elastic Load Balancing load balancer?

Application Load Balancer - third-party cookies in Google Chrome - Stickiness cookie

AWSALB cookie

AWSALB Cookie flags

Cookie based routing for Application Load Balancer

Set SameSite cookies for AWS Application Load Balancer

How do I set the secure flag for Application Load Balancer cookies?

Resolution

Relevant content