Michael_61068
Sep 01, 2015

Chrome browser not deleting APM authentication cookies

Does anyone know of any issues with Google Chrome and the APM authentication / session cookies?

 

We have an issue when terminating an application session using the logout feature. With the Google Chrome browser the cookies are not being deleted as expected.

 

With IE everything works as expected. The Logout is detected and the Response instructs the browser to set some cookies including the "F5_ST" cookie to "deleted":

 

 

The user is then redirected back to the application and the login page is requested. We can see that the F5_ST cookie has been removed:

 

 

When we try the same with the Google Chrome browser, the logout is also detected and the response instructs the browser to set some Cookies including the "F5_ST" cookie to "deleted".

 

 

The user is then redirected back to the application and the login page is requested. We can see that the F5_ST cookie is still present with the previous value and the MRHsession cookie is now seen twice:

 

 

Is anyone aware of any issues with Google Chrome that might explain this behaviour? This is leading to the APM module not displaying the login page but displaying the Error page with the message about the APM not being able to find the session information.

 

Firefox is also working fine with this application. It is only Google Chrome.

 

Many thanks,

 

3 Replies

  • I have experienced this problem with multiple browsers. I do not believe that your issue is with the F5_ST cookie however. I think that is due to the multiple MRHSession. I could never track down why this was occurring other than the fact that the client browser's cookie cache was corrupt and was not deleting the session based cookies between browser restarts. The only way I could fix the issue was to explicitly purge the cookies for the particular domain and restart the browser.

     

    What version of APM are you running under?

     

  • Hello,

     

    This is probably because the cookie is set without specifying the domain and is deleted including the domain. The reverse is also true. To work around this, you have to find a way to inject and delete the cookie using exactly the same attributes to avoid such an issue in Chrome and Firefox, for example.
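
The attribute mismatch described in the last reply, as an added example that is not part of the original thread or F5's code: a simplified cookie jar following the RFC 6265 storage rule shows why a deletion sent with a different Domain attribute leaves the original cookie in place, and how a duplicate name then appears in the Cookie header. The host name, cookie values and Set-Cookie attributes are constructed assumptions, not APM's actual headers.

```javascript
// Simplified model of the RFC 6265 storage rule: a stored cookie is keyed by
// (name, domain, path), and an expired Set-Cookie removes only that exact key.
class CookieJar {
  constructor() { this.store = new Map(); }

  // requestHost: host that sent the response; header: one Set-Cookie value.
  setCookie(requestHost, header) {
    const [pair, ...attrs] = header.split(";").map((s) => s.trim());
    const eq = pair.indexOf("=");
    const name = pair.slice(0, eq), value = pair.slice(eq + 1);
    let domain = requestHost.toLowerCase(), hostOnly = true, path = "/", expired = false;
    for (const attr of attrs) {
      const i = attr.indexOf("=");
      const k = (i < 0 ? attr : attr.slice(0, i)).toLowerCase();
      const v = i < 0 ? "" : attr.slice(i + 1);
      if (k === "domain" && v) { domain = v.replace(/^\./, "").toLowerCase(); hostOnly = false; }
      else if (k === "path" && v.startsWith("/")) path = v;
      else if (k === "expires") expired = Date.parse(v) <= Date.now();
      else if (k === "max-age") expired = Number(v) <= 0;
    }
    const key = [name, domain, path].join("|");
    if (expired) this.store.delete(key);
    else this.store.set(key, { name, value, domain, path, hostOnly });
  }

  // Cookie header the browser would send to `host` for `reqPath`.
  cookieHeader(host, reqPath = "/") {
    const h = host.toLowerCase();
    return [...this.store.values()]
      .filter((c) => h === c.domain || (!c.hostOnly && h.endsWith("." + c.domain)))
      .filter((c) => reqPath.startsWith(c.path))
      .map((c) => `${c.name}=${c.value}`)
      .join("; ");
  }
}

// Constructed scenario: host, values and attributes are assumptions, not APM's real headers.
function demo() {
  const host = "apm.example.test", jar = new CookieJar();
  const past = "Expires=Thu, 01 Jan 1970 00:00:00 GMT";
  jar.setCookie(host, "MRHSession=old111; Path=/");                               // set host-only
  jar.setCookie(host, `MRHSession=deleted; Domain=example.test; Path=/; ${past}`); // mismatched delete
  jar.setCookie(host, "MRHSession=new222; Domain=example.test; Path=/");          // next session
  const mismatched = jar.cookieHeader(host);
  jar.setCookie(host, `MRHSession=deleted; Path=/; ${past}`);                     // same attributes
  return { mismatched, matched: jar.cookieHeader(host) };
}

console.log(demo());
```

When diagnosing a case like this, compare the Domain and Path attributes of the Set-Cookie that created the cookie with those of the Set-Cookie that expires it; any difference means the browser treats them as two separate cookies.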