What are the 'web-cookie-user' and 'web-cookie-domain' for?

For all authentication attempts a cookie with the user ID and another with the product ID are stored in plain text. But then, there is no application code that reads those cookies back.

A problem that La Ley found is that Tomcat enforces a restriction on with characters can be stored in a cookie while WAS didn't, so a user ID with an 'ñ' cannot be stored and the authentication request breaks.

Does anyone know what these two cookies are used for? Are they even needed?

Find more posts tagged with

authentication

refinitiv-internal

Accepted answers

craig.wageman

Within MAF applications, web-cookie-user is used for certain reporting. For example, Coradiant (now BMC EUEM) uses the web-cookie-user to identify a user for requests. I also believe some applications may have custom reporting based on log files (e.g., access logs).

All comments

Brian Madison

I can't help you with the usage question about the 2 cookies, but I do know that servlet containers expect proper URL encoding/decoding of cookie values. In Checkpoint US we've had problems in later versions of Tomcat, but also in Websphere when trying to store bad chars in cookies.

The CookieManager class at some point needs to handle this, but you likely need to retro-fit it so you don't cause issues with existing cookies.

James Greene

I believe cookies are just another form of HTTP headers, in which case they can only handle ASCII encoding for some short-sighted reason.

craig.wageman

EXPLORE OUR SITES