This content has been archived and is no longer being updated. Links may not function; however, this content may be relevant to outdated versions of the product.

Support Article

Multiple Pega-RULES cookies with different values



When going through the load balancer and custom authentication, two Pega-RULES cookies are added to the requests as the user progresses through the application.

One of the Pega-RULES cookies is from the previous user session. A cookie containing the Pega-RULES cookie is being added at the browser level; it is visible when viewing the browser cache store.

When cached files and cookies are cleared, the problem does not occur for the first user session. However, the file cookie is added at the browser level during the first user session.

When the user starts a second session, using either File > New Session or logoff/login, the file cookie adds the second Pega-RULES cookie to requests as soon as it matches the URL being used.

This causes errors, or the login screen, to be displayed.

Error Messages

Login Screen is displayed.

Steps to Reproduce

1. Log in to the application.
2. Go to my Group > Open Work basket.

Root Cause

The root cause of this problem is a defect in Pegasystems’ code/rules. 

The following rule was adding the Pega-RULES cookie, which in turn is the reason the file cookie gets added.
Rule: PegaCompositeGadgetMgr.js
Function: _pingGatewayCallback

pega.web.mgr._bDirectPRPC = true;
var IACNonGatewayKey="";
var I=sC.indexOf("IAC-NonGateway:");
var G=sC.indexOf(":",I+1)+1;
var D=sC.indexOf("\r\n",G);
if(!(IACNonGatewayKey=="" || IACNonGatewayKey=="%22%22" || IACNonGatewayKey=="\"\"")){
if(IACNonGatewayKey=="" || IACNonGatewayKey=="%22%22" || IACNonGatewayKey=="\"\""){
    var I=sC.indexOf("Pega-RULES=");
    var G=sC.indexOf("=",I+1)+1;
    var D=sC.indexOf(";",G);

The code block that searches for "Pega-RULES=" is hit when coming through the load balancer and SSO authentication using PRServletLDAP3. With a debugger one can see it calling the pega.web.mgr._ut._setCookie function and setting the cookie.

This code block is hit because the “IAC-NonGateway” header name is being modified by a Cisco F5 load balancer. It is being modified to “Iac-nongateway”.

When the header is present, execution should always go down the “IAC-NonGateway” code block. It does not, because the JavaScript looks specifically for “IAC-NonGateway”.

Client PRGatewayPing Response:
HTTP/1.1 200 OK
Server: Sun-ONE-Web-Server/6.1
Date: Fri, 27 Mar 2015 20:18:45 GMT
Content-length: 4
Content-type: text/html;charset=UTF-8
X-powered-by: Servlet/3.0
Pxhandler: IAC
Iac-nongateway: 7406baaec73d6acfab7dcd576551e8de
Cache-control: max-age=0
Content-language: en-US
Set-cookie: Pega-RULES=H580161B0A05AEEE4DE5CFE7C1BAC6827; Comment="PegaRULES session tracking"; Path=/prweb
X-RBT-Optimized-By: COCOL3-WA001 (RiOS 8.5.3b) SC

The header case has changed from “IAC-NonGateway” to “Iac-nongateway”. The code above that looks for the header therefore does not match, and the path that creates the "Pega-RULES" cookie with JavaScript is taken and runs this:


This cookie is now available for 24 hours and cached at the browser level. Clearing the cache with the cookies option selected is the only way to clear the cookie.

HTTP header names are case-insensitive. Looking specifically for "IAC-NonGateway" is not correct.


This issue is resolved by Hfix-21764.

This patch changes the following:

Rule: PegaCompositeGadgetMgr.js
Function: _pingGatewayCallback

Current Code:

var sC = o.getAllResponseHeaders;

var I=sC.indexOf("IAC-NonGateway:");

New Code:

var I=sC.toLowerCase().indexOf("iac-nongateway:");
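
The same requirement handled by parsing the header block line by line instead of searching it as one string; this is an added example, not Pega's code or the hotfix, and it goes slightly beyond the one-line fix above. The function names and the trimmed sample header block are constructed for illustration; the empty-key values mirror the checks in the rule excerpt.

```javascript
// Added example; function and variable names are hypothetical, not Pega's.
// Constructed sample: part of the PRGatewayPing response shown above, as
// delivered after an intermediary rewrote the header-name case.
const rewrittenHeaders = [
  "Pxhandler: IAC",
  "Iac-nongateway: 7406baaec73d6acfab7dcd576551e8de",
  "Cache-control: max-age=0",
  'Set-cookie: Pega-RULES=H580161B0A05AEEE4DE5CFE7C1BAC6827; Comment="PegaRULES session tracking"; Path=/prweb',
].join("\r\n") + "\r\n";

// Pre-fix behaviour: exact-case substring search on the raw header block.
function findHeaderCaseSensitive(raw, name) {
  const i = raw.indexOf(name + ":");
  if (i === -1) return null;
  const start = i + name.length + 1;
  const end = raw.indexOf("\r\n", start);
  return raw.slice(start, end === -1 ? raw.length : end).trim();
}

// Case-insensitive lookup: split into lines and compare lower-cased names.
// Comparing the field name of each line (not a substring of the whole block)
// also avoids a false hit when the name appears inside another header's value.
function findHeader(raw, name) {
  const wanted = name.toLowerCase();
  for (const line of raw.split(/\r?\n/)) {
    const colon = line.indexOf(":");
    if (colon <= 0) continue; // blank or malformed line
    if (line.slice(0, colon).trim().toLowerCase() === wanted) {
      return line.slice(colon + 1).trim();
    }
  }
  return null;
}

// True when a usable IAC-NonGateway key is present, whatever its case.
function isNonGateway(raw) {
  const key = findHeader(raw, "IAC-NonGateway");
  return key !== null && key !== "" && key !== "%22%22" && key !== '""';
}
```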

Published January 31, 2016 - Updated October 8, 2020
