Cookie handling: -j modifies Set-Cookie name attribute

Junctions configured with the -j option, or listed in a junction mapping table, also provide a solution for preserving cookies returned from servers across multiple junctions.

Cookie handling by the browser:

Browsers always replace any stored cookie with a newly arrived cookie containing the same Set-Cookie name attribute, unless the path or domain attributes, or both, are unique.

Problem:

The previous section describes how the -j junction option modifies the value of the path attribute of a Set-Cookie header. This modification allows the browser to return cookies in an environment where WebSEAL is applying different filtering rules for visible and embedded URLs contained in the response pages.

In a scenario where multiple back-end servers are connected to WebSEAL across different junctions (such as in a WebSphere environment), it is possible for each server to send cookies with the same name attribute.

If the junctions use the -j option, the values of the path attribute for each cookie become identical (path=/). Because the same WebSEAL server is the point of contact for the browser, the domain attribute likewise becomes identical. Although these identical cookies arrive from unique back-end applications, the browser overwrites the identically named cookies.

Solution:

The -j junction option provides an additional feature that uniquely renames any cookie returned with a response from a back-end application server. A special string is added to the beginning of the name attribute of a Set-Cookie header. The string contains the identifier AMWEBJCT, plus the name of the specific junction responsible for delivering the response (with cookie). The exclamation point (!) is used as a separator character in the string.

For example, if a cookie with the name, ORDERID, arrives across a junction called /jctA, the cookie name is changed to :

To disable this default cookie-renaming feature, see Preservation of cookie names.

Parent topic: Handling cookies from servers across multiple -j junctions