We are making Lookback API calls to Rally prod from our gateway servers, but we are noticing a "Cookie rejected" warning message in our logs, as shown below.
Timestamp is in CDT
Username: [email protected]
timestamp: 2021-12-06T15:05:03
query url: rally1.rallydev.com/analytics/v2.0/service/rally/workspace/46888888887/artifact/snapshot/query.js
{"@timeStamp":"2021-12-06T15:05:03,752","thread":"pool-4-thread-2","level":"WARN","loggerName":"org.apache.http.client.protocol.ResponseProcessCookies","message":"Cookie rejected: "[version: 0][name: JSESSIONID][value: 1h57j788888888888888888888][domain: outbound.api.gateway.wxyzlocal.int][path: /analytics][expiry: null]". Illegal path attribute "/analytics". Path of origin: "/caac/saas/analytics/v2.0/service/rally/workspace/46772661387/artifact/snapshot/query.js""}
Could you verify why this WARN message is returned in the response, and also confirm whether the cookie is formed as expected?
Cookies are provided by the server (us) to the client (you). Clients that conform to the cookie standards will reject a cookie whose domain name does not match what the client is expecting. This is a client-side security measure that prevents rogue websites from reading and/or writing sensitive cookie information for websites that they do not have access to.
In this case, the client believes that the cookie should be provided by stage.outbound.api.gateway.companyname.int, but we are providing our cookie with a sandbox.rallydev.com hostname and the client is rejecting it, as it should.
Normally, any deviation from that behavior would be handled client-side through configuration. It is up to the client to decide if it wants to handle a less secure scenario, not up to the server. As such, there is nothing for us to whitelist.
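The two checks in play here, the domain-match described in the explanation above and the path-match named in the logged "Illegal path attribute" message, can be run against the values on this page. This is an added example, not Rally or Apache HttpClient code; the checks follow RFC 6265 sections 5.1.3 and 5.1.4, and the request host passed to diagnose() is an assumption taken from the cookie's logged domain.

```python
import re

# Constructed from the message field of the WARN line quoted on this page.
LOG_MESSAGE = (
    'Cookie rejected: "[version: 0][name: JSESSIONID]'
    '[value: 1h57j788888888888888888888]'
    '[domain: outbound.api.gateway.wxyzlocal.int][path: /analytics][expiry: null]". '
    'Illegal path attribute "/analytics". Path of origin: '
    '"/caac/saas/analytics/v2.0/service/rally/workspace/46772661387'
    '/artifact/snapshot/query.js"'
)

def parse_rejection(message):
    """Extract cookie attributes and the origin path from a 'Cookie rejected' message."""
    fields = dict(re.findall(r"\[(\w+): ([^\]]*)\]", message))
    origin = re.search(r'Path of origin: "([^"]*)"', message)
    fields["origin_path"] = origin.group(1) if origin else None
    return fields

def path_match(cookie_path, request_path):
    """RFC 6265 section 5.1.4: cookie path must be a segment-aligned prefix."""
    if cookie_path == request_path:
        return True
    if request_path.startswith(cookie_path):
        return cookie_path.endswith("/") or request_path[len(cookie_path)] == "/"
    return False

def domain_match(cookie_domain, request_host):
    """RFC 6265 section 5.1.3 for hostnames (IP addresses not handled)."""
    cookie_domain = cookie_domain.lower().lstrip(".")
    request_host = request_host.lower()
    return request_host == cookie_domain or request_host.endswith("." + cookie_domain)

def diagnose(message, request_host):
    """Report which of the two checks the rejected cookie passes."""
    f = parse_rejection(message)
    return {
        "domain_ok": domain_match(f["domain"], request_host),
        "path_ok": path_match(f["path"], f["origin_path"]),
    }

if __name__ == "__main__":
    # Assumption: the client addressed the gateway host shown in the cookie's domain.
    print(diagnose(LOG_MESSAGE, "outbound.api.gateway.wxyzlocal.int"))
    # Hostnames from the explanation above: the cookie host does not match the client's.
    print(domain_match("sandbox.rallydev.com",
                       "stage.outbound.api.gateway.companyname.int"))
```

For the logged cookie, the path check is the one that fails: the gateway-side request path begins with /caac/saas, so a cookie scoped to /analytics is not a prefix of it.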