We are experiencing unexpected behavior for our CA SSO federation partnerships setup, where sometimes we are seeing multiple SMSESSION cookies being created.
Our use case is as follows:
1) The SMSESSION cookie is set by the WAOP with Domain=abc.xyz.com (without a leading dot).
2) The cookie from the WAOP is then sent to the Web Agent. However, the Web Agent sets a new cookie with Domain=.abc.xyz.com (with a dot before abc).
3) Finally, only one cookie is kept, as the browser discards one of the cookies.
How can we resolve the issue with 2 smsession cookies being generated?
From Agent log:
[1812/442803968][Wed Apr 25 2018 16:24:45] cookiedomain=''.
[1812/442803968][Wed Apr 25 2018 16:24:45] cookiedomainscope='0'.
When cookiedomain has no value, the Web Agent creates the cookie domain with a leading dot.
RFC 6265 no longer requires this leading dot, and Tomcat seems to set the cookie domain without one.
We have created a new ACO parameter called "ConformToRFC6265". When it is set to yes, the Web Agent creates the SMSESSION cookie domain without the leading dot.
The new parameter is available in version 12.52 SP1 CR9 and above.
Please upgrade to version 12.52 SP1 CR9 or above to resolve the issue.
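To confirm the behavior from a captured response, the Python below (an added example, not CA's code) applies the RFC 6265 section 5.2.3 Domain rule to two Set-Cookie headers modelled on the steps above and shows that both resolve to the same stored cookie, while the raw Domain spellings still differ. The cookie values, the request host `app.abc.xyz.com` and all function names are assumptions made for the illustration.

```python
# Added example: RFC 6265 section 5.2.3 Domain handling on constructed headers.

def parse_set_cookie(header):
    """Return (name, attrs) for a Set-Cookie header value; attribute names lowercased."""
    parts = [p.strip() for p in header.split(";")]
    name, _, _value = parts[0].partition("=")
    attrs = {}
    for part in parts[1:]:
        if not part:
            continue
        key, _, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip()
    return name.strip(), attrs


def storage_key(header, request_host, default_path="/"):
    """(name, domain, path) key under which a conforming user agent stores the cookie.

    Simplification: the default path is passed in instead of being derived
    from the request URI.
    """
    name, attrs = parse_set_cookie(header)
    domain = attrs.get("domain", "")
    if domain.startswith("."):
        domain = domain[1:]  # RFC 6265 5.2.3: one leading dot is ignored
    domain = domain.lower() or request_host.lower()
    return (name, domain, attrs.get("path") or default_path)


def raw_domains(headers, cookie_name="SMSESSION"):
    """Distinct Domain attribute spellings seen for one cookie name."""
    seen = set()
    for header in headers:
        name, attrs = parse_set_cookie(header)
        if name == cookie_name:
            seen.add(attrs.get("domain", ""))
    return seen


# Constructed sample headers; the values are placeholders, not real session tokens.
WAOP_HEADER = "SMSESSION=constructed-value-1; Domain=abc.xyz.com; Path=/; HttpOnly"
AGENT_HEADER = "SMSESSION=constructed-value-2; Domain=.abc.xyz.com; Path=/; HttpOnly"

if __name__ == "__main__":
    host = "app.abc.xyz.com"  # hypothetical request host
    for header in (WAOP_HEADER, AGENT_HEADER):
        print(storage_key(header, host), "<-", header)
    print("Domain spellings:", sorted(raw_domains([WAOP_HEADER, AGENT_HEADER])))
```

More than one entry in the spellings set for SMSESSION indicates that components are still issuing the cookie with different Domain forms, which is the condition the ConformToRFC6265 parameter addresses.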