|Applies To||RSA ClearTrust Agent 4.6 for Apache 2.0|
Sun Solaris 2.8
|Issue||What are the HTTP session variables used by RSA ClearTrust Agent 4.6 for Apache 2.0?|
|Resolution||Where an existing application was using a header name changed in RSA ClearTrust Agent 4.6, a hot fix is available to allow the chosen names to be overridden. Hot fix 18.104.22.168 for RSA ClearTrust Agent 4.6 for Apache 2 can be obtained by contacting RSA Security Customer Support. With this hot fix, the Agents have been enhanced so users can now decide with which names the Agents will publish the various headers.|
A new configuration parameter named "cleartrust.agent.exported_headers" has been introduced that enables users to specify with which names the headers should be published. See the new webagent.conf.default file that is included with this hot fix for the complete description of how to set this parameter. Note that the number of names for any particular exported header (e.g. ct-auth-type) that can be provided using this parameter is limited to 64.
NOTE: The headers that begin with "sc-" are deprecated in Agent 4.6, and should no longer be used. They are replaced with the series of variables prefixed with "ct-", and are available for use in user applications if needed.
The names of the variables declare what they are used for, but specifically they are defined as follows:
is set with the session creation time in the format 'Mon, 01 Jan 2001 12:00:00 GMT'.
is set with the session expiration time in the format 'Mon, 01 Jan 2001 12:00:00 GMT'.
is set with the session touch time in the format 'Mon, 01 Jan 2001 12:00:00 GMT'.
Prior to version 4.6, the different agents were setting headers with inconsistent header names. With version 4.6, all the agents were modified to set headers consistently, and hyphens were adopted as the standard.
|Legacy Article ID||a24661|