Cookie rejected warning on prod


Article ID: 229854




CA Agile Central SaaS (Rally)


We are making Lookback API calls to Rally prod from our gateway servers, but we are noticing a "Cookie rejected" warning message in our logs, as shown below:

timestamp: 2021-12-06T15:05:03

query url:<Workspace OID>/artifact/snapshot/query.js

{"@timeStamp":"2021-12-06T15:05:03,752","thread":"pool-4-thread-2","level":"WARN","loggerName":"org.apache.http.client.protocol.ResponseProcessCookies","message":"Cookie rejected: "[version: 0][name: JSESSIONID][value: <JSESSIONID_VALUE>][domain: <Hostname>][path: /analytics][expiry: null]". Illegal path attribute "/analytics". Path of origin: "/caac/saas/analytics/v2.0/service/rally/workspace/<Workspace OID>/artifact/snapshot/query.js""}

Could you verify why this warning message is returned in the response and also confirm whether the cookie is formed as expected?




Cookies are provided by the server (us) to the client (you). Standards-conforming clients reject a cookie whose domain name does not match what the client is expecting. This is a client-side security measure that prevents rogue websites from reading or writing sensitive cookie information for websites they do not have access to.

In this case, the client believes that the cookie should be provided by <Hostname>, but we are providing our cookie with a hostname, and the client is rejecting it, as it should.

Normally, any deviation from that behavior would be handled client-side through configuration. It is up to the client, not the server, to decide whether it wants to handle a less secure scenario. As such, there is nothing for us to whitelist.
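
For triaging warnings of the form quoted above, the following Python script (an added example, not code from this article or from Apache HttpClient) parses the message and applies the RFC 6265 path-match and domain-match rules to report which cookie attribute a conforming client would reject. The host names and workspace ID in the sample line are constructed placeholders, and the function names are hypothetical.

```python
import re

# Constructed sample modelled on the warning quoted above; the host name and
# workspace ID are placeholders, not values from the real service.
SAMPLE = ('Cookie rejected: "[version: 0][name: JSESSIONID][value: x]'
          '[domain: rally.example.test][path: /analytics][expiry: null]". '
          'Illegal path attribute "/analytics". Path of origin: '
          '"/caac/saas/analytics/v2.0/service/rally/workspace/123'
          '/artifact/snapshot/query.js"')

ATTR = re.compile(r"\[(\w+): ([^\]]*)\]")          # [name: value] pairs
ORIGIN = re.compile(r'Path of origin: "([^"]*)"')  # request path seen by client


def parse_warning(message):
    """Return (cookie attribute dict, origin path or None) from the warning."""
    attrs = dict(ATTR.findall(message))
    m = ORIGIN.search(message)
    return attrs, (m.group(1) if m else None)


def path_match(request_path, cookie_path):
    """RFC 6265 section 5.1.4: cookie path must be a prefix on a '/' boundary."""
    if request_path == cookie_path:
        return True
    if request_path.startswith(cookie_path):
        return cookie_path.endswith("/") or request_path[len(cookie_path)] == "/"
    return False


def domain_match(request_host, cookie_domain):
    """RFC 6265 section 5.1.3 for host names (IP literals are not handled)."""
    host, dom = request_host.lower(), cookie_domain.lower().lstrip(".")
    return host == dom or host.endswith("." + dom)


def explain(message, request_host):
    """List the attributes ('path', 'domain') that fail for this request."""
    attrs, origin = parse_warning(message)
    reasons = []
    if origin is not None and not path_match(origin, attrs.get("path", "/")):
        reasons.append("path")
    if not domain_match(request_host, attrs.get("domain", request_host)):
        reasons.append("domain")
    return reasons


if __name__ == "__main__":
    print(explain(SAMPLE, "rally.example.test"))
```
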