ALERT: Some images may not load properly within the Knowledge Base Article. If you see a broken image, please right-click and select 'Open image in a new tab'. We apologize for this inconvenience.

API Gateway: Cookies with special characters cause an exception

book

Article ID: 145451

calendar_today

Updated On:

Products

CA Mobile API Gateway CA Rapid App Security

Issue/Introduction

When the gateway accepts a cookie with non-standard characters, ie: a colon, the below exception is generated


The following error message is logged when this failure occurs:

2020-02-17T14:55:37.289-0600 SEVERE  657 com.l7tech.server.SoapMessageProcessingServlet: Cookie name ""L7APIM"" is a reserved token

java.lang.IllegalArgumentException: Cookie name ""L7APIM"" is a reserved token

        at javax.servlet.http.Cookie.<init>(Cookie.java:192)

        at com.l7tech.common.http.CookieUtils.toServletCookie(Unknown Source)

        at com.l7tech.server.policy.assertion.ServerCustomAssertionHolder.a(Unknown Source)

        at com.l7tech.server.policy.assertion.ServerCustomAssertionHolder.access$600(Unknown Source)

        .....


Environment

Release : 9.x

Component : Gateway

Resolution

To allow these cookies to be accepted you will need to add the below parameter to the system.properties file and restart the Gateway  (/opt/SecureSpan/Gateway/node/default/etc/conf/system.properties)

org.glassfish.web.rfc2109_cookie_names_enforced=false


This allows the Gateway to bypass strict RFC 2109 compliance for cookie content.