on Jun 16, 2016Article Content
| Article Number | 000021665 |
| Applies To | RSA ClearTrust Agent 4.6 for Microsoft IIS Microsoft Windows Server 2003 |
| Issue | How to use RSA ClearTrust URI retention with URL w/ querystring containing a URL w/ querystring |
| Resolution | This issue has been resolved in a hot fix for RSA ClearTrust Agent 4.6 for Microsoft IIS. Contact RSA Security Customer Support to obtain hot fix 4.6.0.14, or request the latest fix level (which is cumulative, and contains fixes from previous fix levels). This hot fix corrects a bug in the ACTSESSION cookie handling. When URI retention is enabled, the retained URL is stored in a cookie named ACTSESSION on the client. If the retained URL has a querystring that contains another URL with its own querystring in the value of a key=value pair, the retained URL's querystring is truncated. For example, if the retained URL is as follows: http://www.example.com/index.html?key=value&nested_url=http://www.example.com/test.html?subkey=subvalue Then after logging in, the retained URL has its querystring truncated as follows: http://www.example.com/index.html NOTE: If the retained URL's querystring does not contain a nested URL, or if the nested URL does not have its own querystring, the retained URL is correctly preserved |
| Legacy Article ID | a24146 |