|Applies To||Microsoft IIS 7.0, IIS 7.5 or IIS 8.0|
Microsoft Application Request Routing module for IIS (ARR)
Microsoft "URL Rewrite" module for IIS
RSA Access Manger 5.0 Agent for IIS 7.x
|Issue||CTSESSION cookie is getting written to the wrong domain|
The browser is getting duplicate CTSESSION cookies.
The browser is being issued a machine cookie instead of a domain cookie, or the CTSESSION cookie is being issued to the wrong domain. For example the CTSESSION cookie should be issued to domain.com, but instead is being issued to machine.domain.com This can cause SSO failures.
|Cause||The ARR module will attempt to rewrite the cookie domain.|
|Resolution||Disable the "reverse Rewrite Host In Response Headers" reverseRewriteHostInResponseHeaders setting on the ARR proxy. This option is under IIS management console for "Application Request Routing Cache" settings.|
|Legacy Article ID||a67812|