API Gateway: Cookies with special characters cause an exception
Article ID: 145451
Updated On:
Products
CA Mobile API Gateway
CA Rapid App Security
Issue/Introduction
When the gateway accepts a cookie with non-standard characters, ie: a colon, the below exception is generated
The following error message is logged when this failure occurs:
2020-02-17T14:55:37.289-0600 SEVERE 657 com.l7tech.server.SoapMessageProcessingServlet: Cookie name ""L7APIM"" is a reserved token
java.lang.IllegalArgumentException: Cookie name ""L7APIM"" is a reserved token
at javax.servlet.http.Cookie.<init>(Cookie.java:192)
at com.l7tech.common.http.CookieUtils.toServletCookie(Unknown Source)
at com.l7tech.server.policy.assertion.ServerCustomAssertionHolder.a(Unknown Source)
at com.l7tech.server.policy.assertion.ServerCustomAssertionHolder.access$600(Unknown Source)
.....
Environment
Release : 9.x
Component : Gateway
Resolution
To allow these cookies to be accepted you will need to add the below parameter to the system.properties file and restart the Gateway (/opt/SecureSpan/Gateway/node/default/etc/conf/system.properties)
org.glassfish.web.rfc2109_cookie_names_enforced=false
This allows the Gateway to bypass strict RFC 2109 compliance for cookie content.
org.glassfish.web.rfc2109_cookie_names_enforced=false
This allows the Gateway to bypass strict RFC 2109 compliance for cookie content.
Feedback
Yes
No
Powered by
