Forum Discussion
NimbostratusASM cookie exposing server name?
Hi,
I just ran into an issue regarding ASM cookies. I have a transparent policy for a VS in place, that is called by an external portal. This external portal works with java and they get some exceptions, because our application sends a cookie that they can't handle properly.
According to their log, our application sends following cookie:
values:TS01876501=01de...34cbdea; Path=/<->JSESSIONID=0D...Q4d7.original_server_name; <->path=/test; <->01-Jan-1970 <->Max-Age=0; <->Expires=Thu,<->00:00:00<->GMT
I'm now a bit concerned, because this cookie seems to expose the original server name to the client, which is somehow strange for ASM to do...
But the real issue that throws an exception at this client portal is the cookie-expiration date:
Rewriting Set-Cookie value:01-Jan-1970
... ERROR Exception occured while handling request
... ERROR java.lang.StringIndexOutOfBoundsException: String index out of range: -1
... ERROR at java.lang.String.substring(String.java:1967)
Any idea how to adjust the date & time in the cookie properly? And how to hide the original server name (node)?
PeteWhiteEmployee
These are two different cookies - the original server name seems to be in the JSESSIONID cookie which is set by the server. I would suggest that you do some more tcpdumping and see where the issue lies. You can quite easily manipulate the cookies with either iRules ( flexible but require some iRule knowledge ) or LTM policies ( operationally more easy to manage than iRules but less flexible )