This discussion is archived
0 Replies Latest reply: Aug 13, 2010 2:32 AM by 807573 RSS

Webagent in sends empty cookie before redirecting to login

807573 Oracle ACE
Currently Being Moderated
Since upgrading the opensso to 8.0 Update 1 Patch3 Build 6.1 and switching to webagents v3 we encounter the following strange problem:

cliffnotes: an empty iplanet cookie is beeing send to the browser before login. This bugs firefox because its not overwritten by the correct cookie after login and the duplicate iplanet-cookies gives problems after the login.

Long version:

-everything is fine in Opera
-in IE and Firefox (and potential other browsers), every single request to a protected resource gets redirected to the SSO
which promptly redirects back to the resource because a valid session already exists. then the protected content is delivered just fine
-5 minutes after login, everything is working as expected

I tracked down the problem pretty far:

-Assume an invalid session / no SSO cookies:
-the first request to a protected resource gets the following headers as response:

Set-Cookie     iPlanetDirectoryPro=;Max-Age=300;Path=/
Location     https://...:443/opensso/cdcservlet

Now the User logs in and is redirected back to the protected resource by the cdservlet
However, Firefox now always sends two valid iplanet-cookies for the resources. You can see this in the browser-cookie-list and in the HTTP-Request as well:
GET /style.css
Cookie     iPlanetDirectoryPro=; iPlanetDirectoryPro=DFA85DA..DFA85DA=#; JSESSIONID=DFA85DA..DFA85DA

Once you delete the empty cookie, or it expires after 300 seconds=5 Minutes, everything is fine
Opera seems to overwrite the empty one with the correct one while firefox does not.

So my main Question is: How can i prevent the setting of this empty 300-max-age iplanet cookie? What is it good for anyways?

I tried experimenting with com.sun.identity.agents.config.cookie.reset.enable, but nothing changed.
I find is particulary strange that 300 is the default value of com.sun.identity.agents.config.profile.attribute.cookie.maxage. However, i changed that value but the maxage=300 persists. Actually, i dont have any 300 whatsoever left in my config.