ALERT: Some images may not load properly within the Knowledge Base Article. If you see a broken image, please right-click and select 'Open image in a new tab'. We apologize for this inconvenience.

Web Agent :: Domino : SMDOMINODATA


Article ID: 49449


Updated On:


CA Single Sign On Secure Proxy Server (SiteMinder) CA Single Sign On SOA Security Manager (SiteMinder) CA Single Sign-On



What is the use of SMDOMINODATA cookie? How can we configure DOMINO Agent to stop creating SMDOMINODATA cookie?



This cookie is created because it holds the Client IP Address in an encrypted format. This is needed because of a lack on the Domino Web Server side. The Domino Web Server does not keep the RawRequest context that it is needed to write headers to the server for processing. Thus Domino Web Agent cannot get the IP address the same way that other Web Servers.

When the resource is protected and a redirect is sent to the Domino Web Server, then the Domino Web Server will redirect the URI along with the SMSOMINODATA among the other.

Then, while creating SMSESSION cookie the Agent will use the client IP available in the SMDOMINODATA cookie and here after Agent will send SMSESSION cookie only; SMDOMINODATA cookie is no longer used and suppressed.

There is no way to disable it. But, as work around, you may skip it if you set the ACO Parameter

RequireCookies = No

With this ACO Parameter set to NO the Web Agent does not require cookies and the Web Agent functions normally. However, the user may be challenged for credentials unexpectedly and the Web Agent may not strictly enforce time-outs.

Note: The Web Agent needs client IP to validate it so as to prevent security breaches. This is to ensure that others cannot steal the cookie and gain unauthorized access to the resource. The IP checking feature enables the Web Agent to compare the IP address stored in a cookie from the last request with the IP address in the current request to see if they match. If they do not match, the Web Agent rejects the request.

If RequireCookies is set to Yes, then either SMCHALLENGE or SMSESSION cookies should be available for processing the request further. If it is not present then the an error page indicating "403 Access denied" cookies were not passed successfully between browser and server will be displayed to the user. (This setting is useful only if basic authentication is used.).

And if RequireCookies is set to No then this check on the cookies would be bypassed. i.e. even if there is no SMSESSION or SMCHALLENGE cookie present the request processing will continue.


Component: SMDMO