Last Modified: Apr 28, 2025
Affected Product(s):
BIG-IP APM
Known Affected Versions:
11.4.1, 11.5.0, 11.5.1, 11.5.1 HF1, 11.5.1 HF2, 11.5.1 HF3, 11.5.1 HF4, 11.5.1 HF5, 11.5.1 HF6, 11.5.1 HF7, 11.5.1 HF8, 11.5.1 HF9, 11.5.1 HF10, 11.5.1 HF11, 11.5.2, 11.5.2 HF1, 11.5.3, 11.5.3 HF1, 11.5.3 HF2, 11.5.4, 11.5.4 HF1, 11.5.4 HF2, 11.5.4 HF3, 11.5.4 HF4, 11.5.5, 11.5.6, 11.5.7, 11.5.8, 11.5.9, 11.5.10
Fixed In:
11.6.0, 11.4.1 HF9
Opened: Jan 13, 2015 Severity: 3-Major Related Article:
K16244
APM does not support Citrix Wyse clients when working with StoreFront in integration mode.
As a result of this issue, you may encounter one or more of the following symptoms: When you attempt to access the StoreFront resource, the request fails as unauthenticated. When you attempt to access the StoreFront resource directly, the request is successful. When you view the HTTP headers sent by the BIG-IP APM system to the StoreFront destination resource, the NSC_AAAC cookie value is set with a double value. For example: Cookie: NSC_AAAC=6cb9479c1c91ed71abe97975643a2c3e; NSC_AAAC=xyz; NSC_DLGE=xyz
Using APM with Citrix Wyse clients when working with StoreFront in integration mode.
Use the following iRule: priority 1 when HTTP_REQUEST { set string [HTTP::header value Cookie] if {$string contains "NSC_AAAC=xyz"}{ regsub {NSC_AAAC=xyz;?} $string {} tmp regsub {NSC_DLGE=xyz;?} $tmp {} result HTTP::header replace Cookie $result } }
Now APM correctly handles Citrix Receiver clients which don't honor cookie expiration and send expired cookies.