000014368 - AxM - RSA Access Manager 4.8 Agent Clearing URL Retention Cookie

Document created by RSA Customer Support Employee on Jun 14, 2016Last modified by RSA Customer Support Employee on Apr 21, 2017
Version 2Show Document
  • View in full screen mode

Article Content

Article Number000014368
Applies ToApache 2.2.x Agent for Linux 64-bit
IIS 6 Agent for Windows 2003 32/64-bit
URL Retention Cookie in use, Query String retention false 
IssueAxM - RSA Access Manager 4.8 Agent is clearing URL Retention Cookie
After authentication, the URL retention cookie (ACTSESSION by default) is being cleared.  This behavior is different than previous versions 4.6 and 4.7.  Sometime it was cleared before its use, resulting in a redirect to url %20.
CauseAn enhancement request introduced in the 4.8 Agent version an option to clear the cookie after its use was developed.  This was done without any control to keep existing behavior intact.
ResolutionSubsequently, the code which introduced this behavior was removed.  It will be redesigned at a later date with new parameters to control it's use.  The original behavior exhibited in 4.6 and 4.7 is to retain the original value was restored into the 4.8 agent via the hotfix process. Contact customer support for RSA Access Manage Agent Hot fix 4.8.0.11 or higher, noting that all hotfixes are cumulative.  The 4.8.0.11 Hotfix is for Apache on Linux 64 bit and for IIS 6, 32 or 64 bit.  The behavior regression will be available for other agents in any revision of the 4.8 hotfix which is over -11.
NotesACTSESSION is not a documented public interface, and is used for customization. The ctagent.log  does note the presence of ACTSESSION for debug purposes, but RSA does not expect this to be used by customers directly for customization. Retaining the ACTSESSION cookie after use is internal to RSA agent architecture, and may change as agent evolves in later hotfixes or releases.
Legacy Article IDa43177

Attachments

    Outcomes