search cancel

APM and cookie integration issues with new OWIN Libraries

book

Article ID: 188694

calendar_today

Updated On:

Products

CA Application Performance Management Agent (APM / Wily / Introscope) CA Application Performance Management (APM / Wily / Introscope) INTROSCOPE DX Application Performance Management

Issue/Introduction

Our development team have identified issues with regard to newer libraries. Can Broadcom provide any insight here.

 

https://github.com/aspnet/AspNetKatana/wiki/System.Web-response-cookie-integration-issues

 

Basically, Microsoft has some newer libraries (referred to as OWIN in that article) meant to work with both .NET Core and the full framework, and to achieve platform independence required by .NET Core, they manage cookies in a different way than the older/standard .NET approach (referred to as System.Web in that article), to decouple it from IIS/Windows. For a single web request, it should be safe to use one approach or the other, but unfortunately when the approaches are mixed, we can see unexpected results.

 

In our case, we had set the XSRF cookie in the response using the OWIN library, and it seems that somewhere in the response pipeline, APM may have done some operations using a System.Web.HttpCookie (in my testing, adding and then immediately removing a System.Web.HttpCookie, even if it has a different name than the OWIN cookie, ends up removing the OWIN cookie from the response – whether this operation comes before or after the OWIN cookie is added).

Environment

Release : 10.7.0

Component : APM Agents

Resolution

Set the below property to false, restart the agent and see if it mitigates the issue.


introscope.agent.bizRecording.enabled=true


to


introscope.agent.bizRecording.enabled=false
Powered by Wolken Software