search cancel

APM and cookie integration issues with new OWIN Libraries


Article ID: 188694


Updated On:


CA Application Performance Management Agent (APM / Wily / Introscope) CA Application Performance Management (APM / Wily / Introscope) INTROSCOPE DX Application Performance Management


Our development team have identified issues with regard to newer libraries. Can Broadcom provide any insight here.


Basically, Microsoft has some newer libraries (referred to as OWIN in that article) meant to work with both .NET Core and the full framework, and to achieve platform independence required by .NET Core, they manage cookies in a different way than the older/standard .NET approach (referred to as System.Web in that article), to decouple it from IIS/Windows. For a single web request, it should be safe to use one approach or the other, but unfortunately when the approaches are mixed, we can see unexpected results.


In our case, we had set the XSRF cookie in the response using the OWIN library, and it seems that somewhere in the response pipeline, APM may have done some operations using a System.Web.HttpCookie (in my testing, adding and then immediately removing a System.Web.HttpCookie, even if it has a different name than the OWIN cookie, ends up removing the OWIN cookie from the response – whether this operation comes before or after the OWIN cookie is added).


Release : 10.7.0

Component : APM Agents


Set the below property to false, restart the agent and see if it mitigates the issue.