Forum Discussion

Michael_61068's avatar
Michael_61068
Icon for Altocumulus rankAltocumulus
Sep 01, 2015

Chrome browser not deleting APM authentication cookies

Does anyone know of any issues with Google Chrome and the APM authentication / session cookies?

 

We have an issue when terminating an application session using the logout feature. With the Google Chrome browser the cookies are not being deleted as expected.

 

With IE everything works as exepected. The Logout is detected and the Response instructs the browser to set some cookies including the "F5_ST" cookie to "deleted":

 

 

The user is then redirected back to the application and the login page is requested. We can see that the F5_ST cookie has been removed:

 

 

When we try the same with the Google Chrome browser, the logout is also detected and the response instructs the browser to set some Cookies including the "F5_ST" cookie to "deleted".

 

 

The user is then redirected back to the application and the login page is request. We can see that the F5_ST cookies is still present with the previous value MRHsession cookies is now seen twice:

 

 

Is anyone aware of any issues with Google Chrome that might explain this behaviour? This is leading to the APM module not displaying the login page by displaying the Error page with the message about the APM not being able to find the session information.

 

Firefox is also working fine with this application. It is only Google Chrome.

 

Many thanks,

 

  • I have experienced this problem with multiple browsers. I do not believe that your issue is with the F5_ST cookie however. I think that is due to the multiple MRHSession. I could never track down why this was occurring other than the fact that the client browser's cookie cache was corrupt and was not deleting the session based cookies between browser restarts. The only way I could fix the issue was to explicitly purge the cookies for the particular domain and restart the browser.

     

    What version of APM are you running under?

     

  • Hello,

     

    This is probably because the cookie is set without specifying the domain and is deleted including the domain. Reverse is also true. To workaround this, you have to find a way to inject and delete the cookie using exactly the same attributes to avoid such issue in Chrome and Firefox for example