ALERT: Some images may not load properly within the Knowledge Base Article. If you see a broken image, please right-click and select 'Open image in a new tab'. We apologize for this inconvenience.

API Gateway: Cookies with special characters cause an exception


Article ID: 145451


Updated On:


CA Mobile API Gateway CA Rapid App Security


When the gateway accepts a cookie with non-standard characters, ie: a colon, the below exception is generated

The following error message is logged when this failure occurs:

2020-02-17T14:55:37.289-0600 SEVERE  657 com.l7tech.server.SoapMessageProcessingServlet: Cookie name ""L7APIM"" is a reserved token

java.lang.IllegalArgumentException: Cookie name ""L7APIM"" is a reserved token

        at javax.servlet.http.Cookie.<init>(

        at com.l7tech.common.http.CookieUtils.toServletCookie(Unknown Source)

        at com.l7tech.server.policy.assertion.ServerCustomAssertionHolder.a(Unknown Source)

        at com.l7tech.server.policy.assertion.ServerCustomAssertionHolder.access$600(Unknown Source)



Release : 9.x

Component : Gateway


To allow these cookies to be accepted you will need to add the below parameter to the file and restart the Gateway  (/opt/SecureSpan/Gateway/node/default/etc/conf/


This allows the Gateway to bypass strict RFC 2109 compliance for cookie content.