Dan_Bowman
Mar 07, 2019Cirrus
ASM stripping double quotes from cookie values post v14?
Noticed one of our apps stopped working after moving from v13.1 > v14.1.0.2
Investigation suggests ASM is stripping quotes from JSESSIONID cookies and preventing sessions from being initiated - has...
- Nov 13, 2019
To close this off - the issue was corrected in v14.1.2.1
769997-1 : ASM removes double quotation characters on cookies
Component: Application Security Manager
Symptoms:
ASM removes the double quotation characters on the cookie.
Conditions:
Cookie sent that contains double quotation marks.
Impact:
The server returns error as the cookie is changed by ASM.
Workaround:
Set asm.strip_asm_cookies to false using the following command:
tmsh modify sys db asm.strip_asm_cookies value false
Fix:
ASM no longer removes the double quotation characters on the cookie.