000014775 - AxM - Request For Enhancement - Blank ACTSESSION Retention Cookie After Use

Document created by RSA Customer Support Employee on Jun 14, 2016Last modified by RSA Customer Support Employee on Apr 21, 2017
Version 2Show Document
  • View in full screen mode

Article Content

Article Number000014775
Applies ToAccess Manager Agents version 4.8
IssueAxM - Request For Enhancement - Blank ACTSESSION  Retention Cookie After Use
 A new feature to clear the URL retention cookie was improperly introduced in the 4.8 agent with no back support for prior use cases of the agent. There was no control to support the original behavior of maintaining the cookie's last retained uri.  That functionality was initially removed with Hot fix 4.8.11. (See Primus solution a43177 ). The original feature was still required.  
Resolution

 This Hot fix is an attempt to properly implement the feature. A new agent parameter will be introduced to control the behavior of the uri retention cookie. This parameter will not affect the query string form of uri retention.

The new parameter is defined as follows:
    # This parameter decides whether ACTSESSION cookie should be
    # blanked out after use or not.
    #
    # Allowed Values:
    #    True       The ACTSESSION cookie is cleared after use.
    #    False      The ACTSESSION cookie is not cleared after use.
    #
    # Default Value:
    #    False
    cleartrust.agent.clear_retention_cookie_after_use=True

Contact RSA Customer Support and request Hot fix 4.8.0.34. or higher for the following agents. In the future, additional agents will adopt this feature.  

At this time, Oct 2009, The following webserver agents have this feature:
linux_64/libct_apache2_agent.so   Apache 2.0.x Agent for Linux (RHEL)
linux_64/libct_apache22_agent.so  Apache 2.2.x Agent for Linux (RHEL)
win32/ct_iis70_agent.dll          IIS 7 Agent for Windows 2008 32-bit
win64/ct_iis70_agent.dll          IIS 7 Agent for Windows 2008 64-bit   

Legacy Article IDa48192

Attachments

    Outcomes