000021665 - How to use RSA ClearTrust URI retention with URL w/ querystring containing a URL w/ querystring

Document created by RSA Customer Support Employee on Jun 16, 2016
Last modified by RSA Customer Support Employee on Apr 21, 2017
Version 2

Article Content

Article Number: 000021665

Applies To:
RSA ClearTrust Agent 4.6 for Microsoft IIS
Microsoft Windows Server 2003

Issue: How to use RSA ClearTrust URI retention with URL w/ querystring containing a URL w/ querystring

Resolution: This issue has been resolved in a hot fix for RSA ClearTrust Agent 4.6 for Microsoft IIS. Contact RSA Security Customer Support to obtain hot fix 4.6.0.14, or request the latest fix level (which is cumulative, and contains fixes from previous fix levels).

This hot fix corrects a bug in the ACTSESSION cookie handling. When URI retention is enabled, the retained URL is stored in a cookie named ACTSESSION on the client. If the retained URL has a querystring that contains another URL with its own querystring in the value of a key=value pair, the retained URL's querystring is truncated. For example, if the retained URL is as follows:

http://www.example.com/index.html?key=value&nested_url=http://www.example.com/test.html?subkey=subvalue

Then after logging in, the retained URL has its querystring truncated as follows:

http://www.example.com/index.html

NOTE: If the retained URL's querystring does not contain a nested URL, or if the nested URL does not have its own querystring, the retained URL is correctly preserved.
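To confirm the behaviour before and after applying the hot fix, the check below compares the URL requested before login with the URL reached after login and flags the truncation case described above. It is an added example, not RSA code; the function names and result labels are hypothetical, and it assumes you have recorded both URLs yourself (for example from a browser or the IIS log).

```python
from urllib.parse import urlsplit, parse_qsl


def nested_url_params(url):
    """Names of query parameters whose value is a URL with its own querystring."""
    hits = []
    for name, value in parse_qsl(urlsplit(url).query, keep_blank_values=True):
        inner = urlsplit(value)
        if inner.scheme in ("http", "https") and inner.netloc and inner.query:
            hits.append(name)
    return hits


def check_retention(requested, landed):
    """Classify what happened to the retained URL across the login redirect."""
    req, got = urlsplit(requested), urlsplit(landed)
    if (req.scheme, req.netloc, req.path) != (got.scheme, got.netloc, got.path):
        return "different-resource"
    req_qs = parse_qsl(req.query, keep_blank_values=True)
    got_qs = parse_qsl(got.query, keep_blank_values=True)
    if req_qs == got_qs:
        return "preserved"
    if nested_url_params(requested):
        # Matches the article's symptom: querystring lost on a nested-URL request.
        return "truncated-nested-url"
    return "querystring-changed"


# Constructed sample URLs, taken from the article's example.
AFFECTED = ("http://www.example.com/index.html?key=value"
            "&nested_url=http://www.example.com/test.html?subkey=subvalue")
NO_NESTED_QS = ("http://www.example.com/index.html?key=value"
                "&nested_url=http://www.example.com/test.html")

if __name__ == "__main__":
    # Pre-hot-fix symptom: user lands on the bare page.
    print(check_retention(AFFECTED, "http://www.example.com/index.html"))
    # Expected after the hot fix: full URL preserved.
    print(check_retention(AFFECTED, AFFECTED))
    # Case from the NOTE: nested URL without its own querystring.
    print(nested_url_params(NO_NESTED_QS))
```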
Legacy Article ID: a24146
