Last Modified: Sep 13, 2023
Affected Product(s):
BIG-IP APM
Known Affected Versions:
11.5.1 HF1, 11.5.1 HF2, 11.5.1 HF3, 11.5.1 HF4, 11.5.1 HF5, 11.6.2 HF1, 11.2.1, 11.3.0, 11.4.0, 11.4.1, 11.6.0, 11.6.1, 11.6.2, 11.6.3, 11.6.3.1, 11.6.3.2, 11.6.3.3, 11.6.3.4, 11.6.4, 11.6.5, 11.6.5.1, 11.6.5.2, 11.6.5.3, 12.1.0 HF1, 12.1.0 HF2, 12.1.1 HF1, 12.1.1 HF2, 12.1.2 HF1, 12.1.2 HF2
Fixed In:
12.0.0, 11.6.0 HF4, 11.5.1 HF6, 11.4.1 HF9
Opened: Aug 15, 2014 Severity: 3-Major
Authentication with OAM ObSSOCookie failed after the mutiple cookies added by APM EAM module was sent with a comma delimiter to separate them. EAM should be making a single Cookie header with the cookies delimited by semi-colon.
Authentication with OAM ObSSOCookie fails and user is required to authenticate again with credentials.
Authentication with OAM ObSSOCookie fails after multiple cookies added by APM EAM module are sent with comma delimiter to separate them.
no workaround
EAM used to send multiple cookies headers in HTTP message. Multiple HTTP headers like this are treated as comma-separated by some receivers. Now EAM adds a single Cookie header with the cookies delimited by semi-colon.