Maximum length/legal characters for JSESSIONID cookie

Question

My setup is using JSESSIONID persistence to load-balance a weblogic application, and the JSESSIONID values they send to the client are quite convoluted:
JSESSIONID=4k97S6kYZcX0LpD5tLLSC54yy9y2fzrtzbR90R6Qd31hGY7QQm2L!916453517
Is that length in bounds of what would work with the following persistence iRule? My version is 9.4.4:
when HTTP_RESPONSE {
    if { [HTTP::cookie exists "JSESSIONID"] } {
        persist add uie [HTTP::cookie "JSESSIONID"]
    }
}
when HTTP_REQUEST {
    if { [HTTP::cookie exists "JSESSIONID"] } {
        persist uie [HTTP::cookie "JSESSIONID"]
    }
}

Thanks.

kevin_stewart · Answer

While there is no prescribed standard limit for cookie sizes, RFC 6265 recommends that a "user-agent" should at least be able to handle 4096 bytes per cookie. Hopefully you don't have cookies that big, but nonetheless it's nothing that the BIG-IP persistence table can't handle. I'd also add that the example JSESSIONID value that you've provided is not uncommonly long.

msz · Answer

We have define 8192 - cookie length and we are getting more than that.
Should We must blocked it?&nbsp;

Forum Discussion

Maximum length/legal characters for JSESSIONID cookie

Recent Discussions

Which process is consuming higher CPU

F5 Health Monitor Receive String as JSON

Background Tasks

SSL bridging without SSL proxy forward

Big-IP VE edition for MacBook M4 Chip

Related Content

Weblogic JSessionID Persistence

Weblogic JSessionID Persistence for Session Replication

Character Length for Object Names

Persist On Last JSESSIONID in HTTP Parameter

Sanitize special characters in AD groups names

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS