000017538 - CTSESSION cookie is getting written to the wrong domain - AxM

Document created by RSA Customer Support Employee on Jun 16, 2016Last modified by RSA Customer Support Employee on Apr 21, 2017
Version 2Show Document
  • View in full screen mode

Article Content

Article Number000017538
Applies ToMicrosoft IIS 7.0, IIS 7.5 or IIS 8.0
Microsoft Application Request Routing module for IIS (ARR)
Microsoft "URL Rewrite" module for IIS
RSA Access Manger 5.0 Agent for IIS 7.x
IssueCTSESSION cookie is getting written to the wrong domain
The browser is getting duplicate CTSESSION cookies.
The browser is being issued a machine cookie instead of a domain cookie, or the CTSESSION cookie is being issued to the wrong domain.  For example the CTSESSION cookie should be issued to domain.com, but instead is being issued to machine.domain.com   This can cause SSO failures.
CauseThe ARR module will attempt to rewrite the cookie domain.
ResolutionDisable the "reverse Rewrite Host In Response Headers" reverseRewriteHostInResponseHeaders setting on the ARR proxy.  This option is under IIS management console for "Application Request Routing Cache" settings. 
Legacy Article IDa67812