Java Agent can reset cookies in its own domain before redirecting the client for login, and when the client logs out.
Pre-authentication cookies are reset automatically after successful authentication. Authentication cookies are reset automatically on logout. This section describes how to manage reset of other cookies.
To enable cookie reset, set
Cookie Reset to
true. The agent resets the cookies in the response before redirecting the
client for login, and when the client logs out.
To reset specific cookies, add them to the list in Reset Cookie List. The agent searches for the cookie name using a case-sensitive search. If it finds a match, the cookie is reset. Otherwise, the agent searches again using a case-insensitive search. If it then finds a match, the cookie is reset and a warning is issued to the logs.
When profile or session attributes are stored in cookies
Profile Attribute Fetch Mode
Session Attribute Fetch Mode
has the value
HTTP_COOKIE), cookie reset is enabled automatically and cannot
The agent resets the profile and session attributes cookies and the cookies
Reset Cookie List.
When response attribute are stored in cookies
(Response Attribute Fetch Mode
has the value
HTTP_COOKIE), the agent does not reset them automatically.
To prevent a build up of response attribute cookies, consider adding them to
the Reset Cookie List.
To specify the domains for which cookies named in Reset Cookie List are used after reset, set the Reset Cookie Domain Map. To specify the paths for which cookies named in Reset Cookie List are used after reset, set the Reset Cookie Path Map.
Consider enabling cookie reset when the agent is deployed with parallel authentication mechanisms. Resetting cookies from one authentication mechanism before redirecting clients to log in with another mechanism helps prevent issues on the new login site.