Cookie handling for multiple WebSEAL instances on the same host

Question & Answer

Question

If WebSEAL sets a cookie on the browser (for example the PD-ID Failover cookie), will this cookie be sent to other webseal instances on the same system?

Answer

If the different instances are configured on different IP addresses (ie different host names), then the browsers will not send a cookie from instance1 to instance2 unless the cookie is set as a domain cookie

[failover] enable-failover-cookie-for-domain = yes

and both addresses are part of the same domain.

If the different instances are configured with different port numbers and sharing the same IP address/hostname, then the browsers will send a host cookie from instance1 to instance2. In other words the browsers only look at the host information and not the destination port number when deciding to send a cookie to a destination.

Note that the above statements are based on some internal testing. Different browsers and different versions of browsers could implement this differently. Please test with whatever browsers and versions you intend to use to ensure they work as expected.

[{"Product":{"code":"SSPREK","label":"Tivoli Access Manager for e-business"},"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Component":"WebSEAL","Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"All versions","Edition":"","Line of Business":{"code":"LOB24","label":"Security Software"}}]

Was this topic helpful?

Document Information

More support for:
Tivoli Access Manager for e-business

Software version:
All versions

Document number:
85423

Modified date:
16 June 2018

UID

swg21244903

IBM Support

Tips