Handling domain cookies

The allow-backend-domain-cookies stanza entry in the [junction] stanza of the WebSEAL configuration file controls how WebSEAL handles domain attributes in cookie headers.

When this stanza entry value is set to "no" (default), WebSEAL performs "tail matching" to determine if the domain (contained as an attribute in the cookie header) is valid. If the domain in the cookie header is valid, the cookie is sent to the browser with the domain attribute removed from the cookie header. When a browser receives a cookie with no domain attribute, it can return the cookie only to the originating server. If "tail matching" determines the domain in the cookie header is not valid, the cookie is not sent to the browser. The browser has no cookies to return.

When this stanza entry value is set to "yes", WebSEAL does not perform "tail matching" and allows all cookies, regardless of the domain attribute value, to be sent to the browser. The browser can return the cookies to the appropriate server or servers.

Customize the allow-backend-domain-cookies configuration item for a particular junction by adding the adjusted configuration item to a [junction:{junction_name}] stanza.

{junction_name} refers to the junction point for a standard junction (including the leading / character) or the virtual host label for a virtual host junction.
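The per-junction override described above means the effective value has to be resolved stanza by stanza when reviewing a configuration. The following audit sketch is an added example, not IBM tooling or code from the original page: it lists the junctions for which WebSEAL skips tail matching and passes backend domain cookies through. It assumes the configuration file uses `[stanza]` headers, `key = value` entries and `#` comments; the junction names and the `some-other-entry` key are constructed placeholders.

```python
import re

# Constructed sample; /payroll, /wiki and vhost-intranet are hypothetical names.
SAMPLE_CONF = """\
[junction]
allow-backend-domain-cookies = no

[junction:/payroll]
allow-backend-domain-cookies = yes

[junction:/wiki]
# placeholder entry, no cookie override in this stanza
some-other-entry = value

[junction:vhost-intranet]
allow-backend-domain-cookies = yes
"""

KEY = "allow-backend-domain-cookies"
STANZA = re.compile(r"^\[junction(?::(.+))?\]$")


def effective_settings(conf_text):
    """Return (global_value, {junction_name: effective_value})."""
    values, seen, current = {}, [], None
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("["):
            m = STANZA.match(line)
            # "" marks the global [junction] stanza, None any unrelated stanza.
            current = (m.group(1) or "") if m else None
            if current and current not in seen:
                seen.append(current)
        elif current is not None and "=" in line:
            name, value = (p.strip() for p in line.split("=", 1))
            if name == KEY:
                values[current] = value.strip('"').lower()
    global_value = values.get("", "no")  # "no" is the documented default
    return global_value, {j: values.get(j, global_value) for j in seen}


def unfiltered_junctions(conf_text):
    """Junctions whose backend cookies reach the browser without tail matching."""
    per_junction = effective_settings(conf_text)[1]
    return sorted(j for j, v in per_junction.items() if v == "yes")
```

Only junctions that have their own stanza are listed; if the returned global value is "yes", every junction without an override is unfiltered as well.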
