Support Article
Multiple Pega-RULES cookies with different values
SA-8960
Summary
When requests go through the load balancer and custom authentication, two Pega-RULES cookies are added to the requests as the user progresses through the application.
One of the Pega-RULES cookies is from the previous user session. A cookie containing the Pega-RULES value is being added at the browser level; it is visible when viewing the browser cache store.
When cached files and cookies are cleared, the problem does not occur for the first user session. However, the file cookie is getting added at the browser level during the first user session.
When they start a second session, using either File > New Session or logoff or login, the file cookie adds the second Pega-RULES cookie to requests as soon as it matches the URL being used.
This causes errors or the login screen to be displayed.
Error Messages
Login Screen is displayed.
Steps to Reproduce
1. Log in to the application.
2. Go to my Group > Open Work basket.
Root Cause
The root cause of this problem is a defect in Pegasystems’ code/rules.
The following rule was adding the Pega-RULES cookie and is the reason the file cookie was getting added.
Rule: PegaCompositeGadgetMgr.js
Function: _pingGatewayCallback
Code:
pega.web.mgr._bDirectPRPC = true;
var IACNonGatewayKey="";
var I=sC.indexOf("IAC-NonGateway:");
if(I>=0){
    var G=sC.indexOf(":",I+1)+1;
    var D=sC.indexOf("\r\n",G);
    IACNonGatewayKey=(D>0)?sC.substring(G,D):sC.substr(G).substr(16);
    if(!(IACNonGatewayKey=="" || IACNonGatewayKey=="%22%22" || IACNonGatewayKey=="\"\"")){
        pega.web.mgr._sPegaCookie=IACNonGatewayKey;
        pega.web.mgr._ut._setCookie("IAC-NonGateway",pega.web.mgr._sPegaCookie,1);
    }
}
if(IACNonGatewayKey=="" || IACNonGatewayKey=="%22%22" || IACNonGatewayKey=="\"\""){
    var I=sC.indexOf("Pega-RULES=");
    if(I>=0){
        var G=sC.indexOf("=",I+1)+1;
        var D=sC.indexOf(";",G);
        pega.web.mgr._sPegaCookie=(D>0)?sC.substring(G,D):sC.substr(G);
        pega.web.mgr._ut._setCookie("Pega-RULES",pega.web.mgr._sPegaCookie,1);
    }
}
The second block above, which sets the Pega-RULES cookie, is getting hit when coming through the load balancer and SSO authentication using PRServletLDAP3. With a debugger one can see it calling the pega.web.mgr._ut._setCookie function and setting the cookie.
This code block is hit because the “IAC-NonGateway” header name is being modified by a Cisco F5 load balancer to “Iac-nongateway”.
When the header is present, execution should always go down the “IAC-NonGateway” code block. It does not, because the JavaScript looks specifically for “IAC-NonGateway”.
Client PRGatewayPing Response:
HTTP/1.1 200 OK
Server: Sun-ONE-Web-Server/6.1
Date: Fri, 27 Mar 2015 20:18:45 GMT
Content-length: 4
Content-type: text/html;charset=UTF-8
X-powered-by: Servlet/3.0
Pxhandler: IAC
Iac-nongateway: 7406baaec73d6acfab7dcd576551e8de
Cache-control: max-age=0
Content-language: en-US
Set-cookie: Pega-RULES=H580161B0A05AEEE4DE5CFE7C1BAC6827; Comment="PegaRULES session tracking"; Path=/prweb
X-RBT-Optimized-By: COCOL3-WA001 (RiOS 8.5.3b) SC
GOOD
The header case has changed from “IAC-NonGateway” to “Iac-nongateway”. So the code above that looks for the header does not match, and the path that creates the "Pega-RULES" cookie with JavaScript is taken and runs this:
pega.web.mgr._ut._setCookie("Pega-RULES",pega.web.mgr._sPegaCookie,1);
This cookie is now available for 24 hours and cached at the browser level. Clearing the cache with the cookies option selected is the only way to clear the cookie.
HTTP header names are case-insensitive. Looking specifically for "IAC-NonGateway" is not correct.
Resolution
This issue is resolved by Hfix-21764.
This patch changes the following:
Rule: PegaCompositeGadgetMgr.js
Function: _pingGatewayCallback
Current Code:
…
var sC = o.getAllResponseHeaders;
…
var I=sC.indexOf("IAC-NonGateway:");
…
New Code:
var I=sC.toLowerCase().indexOf("iac-nongateway:");
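Added example (not Pegasystems' code and not part of Hfix-21764): a case-insensitive header lookup run against the ping response shown above. It goes one step beyond the hotfix's lowercase substring search by parsing field names, so a match cannot land inside another header's value. The function names parseHeaders, getHeader, pickSessionSource and exactCaseFinds are hypothetical, and the sample string is constructed from the response on this page.

```javascript
// Constructed sample: header lines from the ping response above, as the
// raw CRLF-separated text the callback receives after the load balancer
// has rewritten the field-name case.
const rewritten = [
  "Server: Sun-ONE-Web-Server/6.1",
  "Pxhandler: IAC",
  "Iac-nongateway: 7406baaec73d6acfab7dcd576551e8de",
  'Set-cookie: Pega-RULES=H580161B0A05AEEE4DE5CFE7C1BAC6827; Comment="PegaRULES session tracking"; Path=/prweb',
].join("\r\n");

// Parse raw header text into a Map keyed by lowercased field name.
function parseHeaders(raw) {
  const headers = new Map();
  for (const line of raw.split(/\r?\n/)) {
    const colon = line.indexOf(":");
    if (colon <= 0) continue; // skip blank or malformed lines
    const name = line.slice(0, colon).trim().toLowerCase();
    // First occurrence wins; enough for a single-valued field like this one.
    if (!headers.has(name)) headers.set(name, line.slice(colon + 1).trim());
  }
  return headers;
}

// Case-insensitive lookup: the requested name is lowercased as well.
function getHeader(headers, name) {
  const value = headers.get(name.toLowerCase());
  return value === undefined ? null : value;
}

// Mirrors the branch decision in _pingGatewayCallback: use the
// IAC-NonGateway key when present and non-empty, otherwise fall back to
// the Pega-RULES path that writes the browser-level cookie.
function pickSessionSource(raw) {
  const key = getHeader(parseHeaders(raw), "IAC-NonGateway");
  const empty = key === null || key === "" || key === "%22%22" || key === '""';
  return empty ? { source: "Pega-RULES", key: null }
               : { source: "IAC-NonGateway", key: key };
}

// The pre-hotfix exact-case search, kept for contrast.
function exactCaseFinds(raw) {
  return raw.indexOf("IAC-NonGateway:") >= 0;
}

console.log(exactCaseFinds(rewritten), pickSessionSource(rewritten));
```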
Published January 31, 2016 - Updated October 8, 2020