on Jun 14, 2016Article Content
| Article Number | 000014368 |
| Applies To | Apache 2.2.x Agent for Linux 64-bit IIS 6 Agent for Windows 2003 32/64-bit URL Retention Cookie in use, Query String retention false |
| Issue | AxM - RSA Access Manager 4.8 Agent is clearing URL Retention Cookie After authentication, the URL retention cookie (ACTSESSION by default) is being cleared. This behavior is different than previous versions 4.6 and 4.7. Sometime it was cleared before its use, resulting in a redirect to url %20. |
| Cause | An enhancement request introduced in the 4.8 Agent version an option to clear the cookie after its use was developed. This was done without any control to keep existing behavior intact. |
| Resolution | Subsequently, the code which introduced this behavior was removed. It will be redesigned at a later date with new parameters to control it's use. The original behavior exhibited in 4.6 and 4.7 is to retain the original value was restored into the 4.8 agent via the hotfix process. Contact customer support for RSA Access Manage Agent Hot fix 4.8.0.11 or higher, noting that all hotfixes are cumulative. The 4.8.0.11 Hotfix is for Apache on Linux 64 bit and for IIS 6, 32 or 64 bit. The behavior regression will be available for other agents in any revision of the 4.8 hotfix which is over -11. |
| Notes | ACTSESSION is not a documented public interface, and is used for customization. The ctagent.log does note the presence of ACTSESSION for debug purposes, but RSA does not expect this to be used by customers directly for customization. Retaining the ACTSESSION cookie after use is internal to RSA agent architecture, and may change as agent evolves in later hotfixes or releases. |
| Legacy Article ID | a43177 |