Multiple SmSession Cookies are being generated for Federation Partnership setup

Document ID : KB000095861
Last Modified Date : 18/05/2018
Issue:
We are experiencing unexpected behavior with our CA SSO federation partnership setup, where we sometimes see multiple SMSESSION cookies being created.

Our use case is as follows:

1) The SMSESSION cookie is set by WAOP for Domain=abc.xyz.com; (without a leading dot)

2) Then the cookie from WAOP is sent to the Web Agent. However, a new cookie is set by the Web Agent for domain=.abc.xyz.com; (with a dot before abc)

3) Finally, only one cookie is set, as the browser discards one of the cookies

How can we resolve the issue with two SMSESSION cookies being generated?
Environment:
WebAgent 12.52 SP1 CR7 
Cause:
From Agent log:

[1812/442803968][Wed Apr 25 2018 16:24:45] cookiedomain=''. 
[1812/442803968][Wed Apr 25 2018 16:24:45] cookiedomainscope='0'.

When cookiedomain has no value, the Web Agent generates a cookie domain with a leading dot.

RFC 6265 no longer requires the leading dot. Tomcat seems to set the cookie domain without a leading dot.

We have created a new ACO parameter called "ConformToRFC6265". When it is
set to yes, the Web Agent creates the SMSESSION cookie domain without a
leading dot.
 
Resolution:
The new parameter is available in version 12.52 SP1 CR9 and above.

Please upgrade to version 12.52 SP1 CR9 or above to resolve the issue.
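
One way to confirm the condition described under Cause from captured Set-Cookie response headers, as an added example that is not part of the original article or of CA's code. The sample headers and cookie values are constructed, and the function names are hypothetical; the domain normalization follows RFC 6265 section 5.2.3.

```python
from collections import defaultdict

# Constructed sample: Set-Cookie headers shaped like the ones the article
# describes (WAOP without a leading dot, Web Agent with one). Values are
# placeholders, not real session tokens.
SAMPLE_HEADERS = [
    "SMSESSION=placeholder-waop; Domain=abc.xyz.com; Path=/; HttpOnly",
    "SMSESSION=placeholder-agent; Domain=.abc.xyz.com; Path=/; HttpOnly",
    "JSESSIONID=placeholder; Path=/app",
]

def parse_set_cookie(header):
    """Return (name, raw_domain, path) from one Set-Cookie header value."""
    parts = [p.strip() for p in header.split(";")]
    name = parts[0].split("=", 1)[0].strip()
    attrs = {}
    for part in parts[1:]:
        key, _, value = part.partition("=")
        attrs[key.strip().lower()] = value.strip()
    return name, attrs.get("domain", ""), attrs.get("path", "")

def normalize_domain(raw):
    """RFC 6265 section 5.2.3: drop one leading dot, then lowercase."""
    return (raw[1:] if raw.startswith(".") else raw).lower()

def find_dot_mismatches(headers):
    """Find cookies emitted with Domain values that differ by a leading dot.

    Returns {(name, normalized_domain, path): sorted raw Domain values} for
    each cookie the browser stores once but that was sent in both forms.
    """
    seen = defaultdict(set)
    for header in headers:
        name, raw, path = parse_set_cookie(header)
        if raw:  # host-only cookies (no Domain attribute) are out of scope
            seen[(name, normalize_domain(raw), path)].add(raw.lower())
    return {key: sorted(vals) for key, vals in seen.items() if len(vals) > 1}

if __name__ == "__main__":
    hits = find_dot_mismatches(SAMPLE_HEADERS)
    for (name, domain, path), raws in hits.items():
        print(f"{name} for {domain}{path}: emitted as {raws}")
```

Run it against headers captured before and after the agent change; an empty result means every component sets the cookie domain in the same form.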