Forum Discussion

Andrei_Popiste1's avatar
Andrei_Popiste1
Icon for Nimbostratus rankNimbostratus
Mar 09, 2011

WebLogic server setting secure cookies browser not using

A 10.2.0.1789 LTM is used to balance traffic among two WebLogic servers (HTTPS traffic end-to-end) - pool members are declared using WebLogic servers IPs and https ports (different from default 7001-700x ports).

 

 

Besides initial JSESSIONID cookie (used for uie persistence), each individual application served is setting its own JSESSIONID and wl_authcookie cookies (same cookie names for all applications), even if windows integrated authentication is used (accessing individual application via WebLogic portal balanced by f5 required re-authentication until I registered ServicePrincipalName for f5's VS IP). Both cookies have secure and HttpOnly options, but the domain is the same.

 

 

Even if the new JSESSIONID cookies are triggering uie persistence iRule, none of them is used by browser when accessing the applications URIs, not even the JSESSIONID cookie used in initial communication - application URIs are displaying WebLogic server errors regarding authentication. Using direct connection to WebLogic servers (to portal, on port 443, not directly on https ports as used in pool members), browser is using cookies as set up and changed when accessing different applications.

 

 

The only application which can be accessed through f5 is the one which is not setting its own cookie.

 

 

Any suggestion on how to force cookies to be returned to WL server would be invaluable. Maybe to retain the cookies from initial application response and to attach them to any further client to server commuication without cookie header ?

 

No RepliesBe the first to reply