Arrowpoint cookie HTTP Only flag set.

Hi All,
I have a site running an application on which we have identified a vulnerability we wish to close. The CSS11501 is using the advanced-balance arrowpoint-cookie method, however tests are showing that the HTTP only parameter is not set. I am unable to find a way of doing this at present. Does anyone know how to achieve this?
Until I can do so there is a remote possibility I am leaving my application open to cross site scripting attacks.
Microsoft use the HTTPOnly cookie option which sets an HTTPOnly flag. The following URL has some information for review.
Thanks in advance for your help.
Alfie...

Alfie,
your security test tool assumes the CSS is a webserver and therefore complains when seeing some missing *flag*.
However, you won't be able to attack the CSS with whatever method that works against a webserver.
We have our own onboard DOS feature.
So, there is no option to use this microsoft HTTPOnly flag because there is no need for it.
Make sure the servers behind the CSS are protected and have your HTTPOnly flag.
Gilles.
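Gilles' advice amounts to checking the servers behind the CSS directly. The following is an added example (not from the original thread or from Cisco): it parses a raw HTTP response, such as one lifted from a sniffer trace, and reports every Set-Cookie header that lacks the HttpOnly or Secure attribute. The sample response is constructed for the example and modelled on the header layout of the traces quoted later on this page.

```python
"""Audit Set-Cookie headers in a captured HTTP response for missing
HttpOnly / Secure attributes. Added example; sample data is constructed."""
from typing import Dict, List


def parse_set_cookies(raw_response: str) -> List[str]:
    """Return the value of every Set-Cookie header in the response head.
    Only the header block (before the first blank line) is examined."""
    head = raw_response.replace("\r\n", "\n").split("\n\n", 1)[0]
    cookies = []
    for line in head.split("\n")[1:]:          # skip the status line
        name, sep, value = line.partition(":")
        if sep and name.strip().lower() == "set-cookie":
            cookies.append(value.strip())
    return cookies


def audit_cookie(set_cookie: str) -> Dict[str, object]:
    """Split one Set-Cookie value into its name and attribute flags."""
    parts = [p.strip() for p in set_cookie.split(";") if p.strip()]
    name = parts[0].split("=", 1)[0]
    # attribute names are case-insensitive per RFC 6265
    attrs = {p.split("=", 1)[0].lower() for p in parts[1:]}
    return {"name": name,
            "httponly": "httponly" in attrs,
            "secure": "secure" in attrs}


def missing_flags(raw_response: str) -> Dict[str, List[str]]:
    """Map cookie name -> list of absent attributes; empty dict means clean."""
    findings: Dict[str, List[str]] = {}
    for cookie in parse_set_cookies(raw_response):
        info = audit_cookie(cookie)
        missing = [f for f in ("HttpOnly", "Secure") if not info[f.lower()]]
        if missing:
            findings[str(info["name"])] = missing
    return findings


# Constructed sample (not a real capture): the application server behind
# the load balancer sets its session cookie with only a Path attribute.
UNSAFE_RESPONSE = (
    "HTTP/1.1 200 OK\r\n"
    "Server: ExampleApp/1.0\r\n"
    "Cache-Control: no-cache=\"set-cookie,set-cookie2\"\r\n"
    "Set-Cookie: sessionid=EXAMPLE0001;Path=/\r\n"
    "Set-Cookie: prefs=lang%3Den; Path=/; Secure\r\n"
    "Content-Type: text/html\r\n"
    "\r\n"
    "<html>...</html>"
)

# The same response after the application server adds the attributes.
HARDENED_RESPONSE = UNSAFE_RESPONSE.replace(
    "Set-Cookie: sessionid=EXAMPLE0001;Path=/",
    "Set-Cookie: sessionid=EXAMPLE0001; Path=/; Secure; HttpOnly",
).replace(
    "Set-Cookie: prefs=lang%3Den; Path=/; Secure",
    "Set-Cookie: prefs=lang%3Den; Path=/; Secure; HttpOnly",
)

if __name__ == "__main__":
    print("unsafe  :", missing_flags(UNSAFE_RESPONSE))
    print("hardened:", missing_flags(HARDENED_RESPONSE))
```

Run it against a response captured from each real server rather than from the VIP, so that the check reflects what the application itself sets.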

Similar Messages

  • What is behavior for cookie-http-only?

    I noticed cookie-http-only property available in 9.2 and also 10.3 but what exactly does enabling this do?
    The documentation isn't very clear.
    "Specifies whether HttpOnly cookies are enabled. When this element is set to true, all session cookies would be unavailable to the browser scripts. The default value is true. Therefore, HttpOnly cookies are enabled by default."
    Does that mean it will make my jsessionid as httponly? In 9.2, enabling this property didn't do this.
    Does it just mean it will honor httponly settings? But that would be on the browser end.
    Does it mean it will make my other session cookies as httponly and not jsession id?
    Please clarify

    Smart Mailboxes don't do anything to messages except list them. The messages must reside somewhere else. If the message is deleted from wherever it lives, or if it no longer satisfies the search criteria that define the Smart Mailbox, it will no longer appear. For example, suppose the Smart Mailbox specifies "unread" messages. Once the message has been read, it will not appear in that Smart Mailbox the next time it is opened.

  • Rules are not allowed for jobs with set 'archive edited messages only' flag.

    Hi,
    We are on AEX 7.4 and have enabled user defined search and also setup archiving. Even though the retention period has expired but still the messages are not being archived.
    We see following issues:
    1. Unable to setup archiving rule in Runtime Work Bench, we are getting following error:
    Rules are not allowed for jobs with set 'archive edited messages only flag.
    2. Unable to set the expiration of messages using the following link. Each time we specify the number days it shows the same number of messages expired.
    http://XXXXX:50000/MessagingSystem/job/reorgdb.jsp
    3. However if we click on "remove messages" button the messages are getting deleted which tells me that the messages are not matching any archiving rule hence are being removed.
    Any pointers to the above issue are appreciated!!!
    Thanks,
    Rajeev

    Hi,
    Please check the [link|http://www.****************/Tutorials/XI/Archiving/Index.htm]
    Also check this
    http://www.sdn.sap.com/irj/scn/go/portal/prtroot/docs/library/uuid/402fae48-0601-0010-3088-85c46a236f50?quicklink=index&overridelayout=true
    http://wiki.sdn.sap.com/wiki/pages/viewpage.action?pageId=147266890
    Regards,
    Naveen.

  • Arrowpoint cookies and state changes

    We have an 11050 6.10 build 4 (replacing it soon with a 11501) that is setting a cookie so we can stick a client to a server. The application is also setting a JSESSION cookie. The service is doing a HEAD to a specific page to verify the service is up. The service can change state often (say 1000 times in 2 hours) but the service is not always marked as down. It may only be marked as down 5 to 10 times in those 2 hours. The users are experiencing slow response and are getting kicked out of the application and going back to a login screen. My questions are:
    1. State Change Counters. If I go from alive to dying to alive is that 1 or 2 state changes?
    2. If a service is dying and a client connects to the service with the cookie already set will the CSS send them to the dying server or will it send them to the alive server? If it sends them to the alive server does it reset the cookie?
    3. If the service is down does the CSS send a RST to the client or does it just over write the cookie and send it to the alive server?
    4. Service timeouts. Is it true that the timeout for a service is the frequency -1? So if I have a frequency of 5 seconds if the CSS doesn't get a response within 4 seconds the service would go to the dying state?
    Thanks

    Thanks for the response. According to the Cisco documentation below when a service is down the client will be directed to the alive server. If clients aren't automatically sent to the alive server how would they ever get off the down service?
    The service isn't strange it's the app that's strange ;-) Basically they're getting slow response and the clients are getting kicked out of the app. As usual they want to blame every thing else but the app.
    The increase that I thought I was seeing in the state counters might not be accurate. When I did the show service it said the counters had been cleared this morning and they were already up to 1300. However, no one logged into the CSS except our Ciscoworks server. I'm not sure why it said they were cleared this morning unless CW2K is doing it. I cleared the counters and they're back to zero so I'll monitor it.
    ---Cisco Doc-------
    When a client comes in with a valid cookie request but the sticky server is not available, the CSS uses the sticky-serverdown-failover configuration to handle the request.
    By default, the sticky-serverdown-failover is configured as balance. The sticky-serverdown-failover balance method will treat the client's request as an initial request without the ArrowPoint cookie. It uses the load-balancing algorithm to choose a server, and then redirects the request with a generated ArrowPoint cookie.
    The other option is a failover type of redirect. In this case, the CSS redirects the request to the specified URL.
    The command sticky-no-cookie-found-action should not be configured in an ArrowPoint cookie content rule. Not only will this command not work, it produces many irregularities in the CSS.
    http://www.cisco.com/en/US/products/hw/contnetw/ps789/products_tech_note09186a00801c8c2f.shtml

  • Is there a way to have Firefox keep cookies from only certain sites?

    I want to allow Firefox to retain cookies from only certain sites. Is there a way to do this? My understanding is that it is much riskier from a security standpoint to allow cookies to remain in the browser continually. So I have it set to remove them when Firefox closes. But there are a couple of sites I trust and it would make things a lot better if I could keep their cookies.

    I'm not aware of such an add-on, but it might exist. There also might be a Greasemonkey userscript that will load the pages and fire the save.
    This thread discusses ways to save pages once you have them loaded: [https://support.mozilla.org/en-US/questions/923234 How to save a website using firefox. | Firefox Support Forum | Firefox Help].

  • Do arrowpoint-cookies use "string range"?

    I can't find any document mentioning whether or not "advanced-balance arrowpoint-cookie" uses the "string range" setting in a content rule to determine how far to look down the cookie string to find the ARPT cookie. The default setting in the rule is "1 to 100", so if I have a cookie string that looks like this (from a sniffer trace):
    HTTP: 12: Cookie: $Version=0; XSESSIONID=Qy8PilVehwrIFD8Fs6tqzbIhtSFe3Qer9Euu2qGE4Ygz1nx29238F0FuFPS!=1730213783!=2102771864!8161!7002; ARPT=OZOMIVS172.16.1.20CK00J; preloginFlag=yes; termsflag=yes
    The arrowpoint cookie ARPT is more than 100 characters into the string, so will the CSS not see this cookie and send a new one (thereby rebalancing, possibly to a new server)? Or does advanced-balance arrowpoint-cookie always look through the entire cookie string?
    I haven't been able to lab test this, so I was wondering if anyone knew for sure?
    Thanks,
    Paul

    Paul,
    for arrowpoint cookie the CSS will look in the first 6 packets - whatever the size.
    You can increase or decrease this value with the command
    CSS11503(config)# spanning-packets ?
    Integer value(Range: 1-20)
    The string range has no effect for arrowpoint-cookie.
    Regards,
    Gilles.
    Thanks for rating this answer.

  • CSS11500 arrowpoint-cookie question

    I'm doing some testing with a CSS11500 in a one-armed configuration.
    I need to ensure that users will stick to the same web server for a period of about 8 hours. I know this can be accomplished with sticky sourceip, but wanted to try arrowpoint-cookies to see how that worked. I believe I have everything configured correctly, but for some reason, I'm not getting any arrowpoint-cookies. Load-balancing is occurring round-robin and there are never any arrowpoint cookies in my Temp Internet Files folder.
    Does anyone have any clues?
    Config below:
    !************************** CIRCUIT **************************
    circuit VLAN1
    ip address 192.168.200.100 255.255.255.0
    no redirects
    !************************** SERVICE **************************
    service adcwps1p
    ip address 158.52.157.197
    string css_adcwps1p
    active
    service adcwps3p
    ip address 158.52.157.195
    keepalive type none
    string css_adcwps3p
    active
    !*************************** OWNER ***************************
    owner WHR_Portal
    content Employee_Portal
    vip address 192.168.200.106
    add service adcwps1p
    add service adcwps3p
    advanced-balance arrowpoint-cookie
    arrowpoint-cookie expiration 00:08:00:00
    arrowpoint-cookie expire-services
    active
    !*************************** GROUP ***************************
    group Portal_Servers
    vip address 192.168.200.106
    portmap number-of-ports 57216
    add destination service adcwps1p
    add destination service adcwps3p
    active

    Gilles-
    Thanks for your reply. The clock is correctly set and is using sntp to keep time synchronized.
    I did a sniffer trace like you asked, and I see the page being served from my VIP. I don't, however, see any arrowpoint-cookies. There is a cookie being set, but it is being set by my source server and, unfortunately, does not provide unique information for stickiness.
    Below is part of the TCP decode from the sniffer trace:
    GET /wps/WhrWasLogin HTTP/1.1
    Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/vnd.ms-powerpoint, application/vnd.ms-excel, application/msword, application/x-shockwave-flash, */*
    Accept-Language: en-us
    Accept-Encoding: gzip, deflate
    User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 1.0.3705)
    Host: portal.whirlpool.com
    Connection: Keep-Alive
    Cookie: WhrCredZmlzYmVnYzswMDAyQjM0MUU3NDg$=5EEB7C1E3A48E3B8
    HTTP/1.1 200 OK
    Date: Fri, 21 Mar 2003 19:12:59 GMT
    Server: IBM_HTTP_Server/1.3.12.6 Apache/1.3.12 (Unix)
    Pragma: no-cache
    Cache-Control: no-cache="set-cookie,set-cookie2"
    Expires: Thu, 01 Jan 1970 00:00:00 GMT
    Set-Cookie: sesessionid=0001DV51K5P5GZ40PGFTEV3AKJY;Path=/
    Keep-Alive: timeout=30
    Connection: Keep-Alive
    Transfer-Encoding: chunked
    Content-Type: text/html;charset=8859_1
    Content-Language: en

  • Arrowpoint Cookies, Reverse Proxy and Multiplexed Client Requests

    Hi,
    I have a reverse proxy which is performing SSL offload and making backend connections to two web servers. Between the reverse proxy and the two webservers, a CSS is in place to load balance between the web servers. There is a requirement for session stickiness on the web servers and since client IP details are lost through the reverse proxy I have used the arrowpoint-cookie method to load balance connections.
    However, the reverse proxy seems to make only a handful of connections to the servers compared to the number incoming client connections and we have noticed that stickiness is broken. Now, I would assume this is correct if arrowpoint-cookie makes a load balancing based on the first HTTP get in a tcp stream and not on a per transaction basis AND our reverse proxy is multiplexing client requests. However, I can not convince myself of how the arrowpoint-cookie method actually works.
    I wondered if anyone had any insight on this or had experienced similar issues with arrowpoint cookies?

    Hi Gilles,
    I have implemented this today, and we are still seeing issues with requests hitting the wrong server.
    A bit more info, the reverse proxy is an AXG Web Application Firewall. I have been looking at this and am considering disabling connection re-use on here.
    However I am also wondering if this might be to do with the flow timeout multiplier I am using which is 5 (80 seconds). Perhaps this is too low?
    Thanks, David.

  • Arrowpoint Cookies and their lifetime

    Hi,
    I've a question regarding arrowpoint cookies. Is the lifetime of a cookie reset every time a new connection with this cookie is set up, or does the lifetime count from when the cookie was set for the first time?
    If the last thing is the case how does the CSS ensure that one sticks to the correct server if the lifetime is over?
    Kind Regards,
    Joerg

    The cookie value contains the server name or ip address.
    Therefore, the CSS does not keep any sticky table for the cookies.
    The normal cookie rules apply regarding lifetime of the cookie on a client.
    What you can do is set the expiration time of the cookie on the client.
    This is done with the command "arrowpoint-cookie expiration"
    Sample config at :
    http://www.cisco.com/en/US/products/hw/contnetw/ps789/products_tech_note09186a0080094398.shtml
    Regards,
    Gilles.

  • I have been using the Firefox feature in which I could have multiple sets of tabs open but see only the set I was working with. I updated and now feature is gon

    I have been using the Firefox feature in which I could have multiple sets of tabs open but see only the set I was working with. I updated and now feature is gone. I had a small icon on the upper right side of my toolbar. I used it all the time to keep separate windows for news, financial items, travel plans, etc. Has this been removed from Firefox?

    Hi,
    The [https://support.mozilla.org/en-US/kb/tab-groups-organize-tabs Tab Groups] feature is still present. You can try to right-click the + after the last tab and [https://support.mozilla.org/en-US/kb/how-do-i-customize-toolbars Customize]. If the icon is hidden behind another, or if it's available inside the Customize mini window, you can place it back. If the problem persists, you can also try to '''Reset toolbars and controls:''' and '''Make Changes and Restart''' [https://support.mozilla.org/en-US/kb/Safe%20Mode Safe Mode] start screen.

  • Message no. 26269 : Status can only be set when all originals are stored

    Hi,
    While changing status in cv02n, i am getting the below message no-Message no. 26269 : Status can only be set when all originals are stored. I am not getting the message solution in google. please guide me how to come over from this message.
    Regards,
    Mastan.

    Colleagues! Have you any idea?
    Found this - [recommendation|http://help.sap.com/saphelp_47x200/helpdata/en/0c/b98e3c90347b17e10000000a114084/content.htm] - how to, but there so simple scenario without details about standard functionality.
    Check In
    You can check in originals, which are saved in the local network, into a storage system. The following originals are indicated by the  icon:
    Originals that are to be checked in for the first time.
    Originals that have already been checked in, and loaded into the local network for changing.
    To do this start WebDocuments. Process the document info record in the change mode.
    Select the original in the Originals dataset.
    Choose Check In. The system determines the storage system based on the system settings, and checks in the original.
    You return to the data sheet. The original application file is indicated by the Checked In  icon.
    Save the document.
    Very simple, but not work, and no details. Castle icon are not locked. DELETE, CANCEL - work, but not CHANGE.
    Maybe my storage system cannot determine the storage system? If it is right, so where can i maintain this option?

  • CSS arrowpoint cookie load balancing issue

    Hi guys,
    I need some advice on a load balancing issue.
    We have connections hitting the CSS via a proxy environment. As a result I see only one source ip address. I want to use arrowpoint cookies for session stickiness. However when I enable the rule the tcp session negotiation fails. The CSS sends a TCP/RST which terminates the session.
    Here's the rule config:
    content HTTP_rule
    add service ZSTS299102
    add service ZSTS281101
    vip address <filtered>
    add service LONS299102
    add service LONS281101
    balance weightedrr
    change service ZSTS299102 weight 5
    change service ZSTS281101 weight 5
    advanced-balance arrowpoint-cookie
    protocol tcp
    port 80
    url "/*"
    active
    Any help would be much appreciated.

    Remko,
    in L3/L4 the CSS sends the SYN directly to the server.
    So when the FIN comes in, we simply pass it to the server.
    With L5 the CSS spoofs the connection and we select the server only after receiving the GET.
    If there was some delay between the GET and the FIN, the CSS would have time to establish a connection with the server and the FIN could be simply forwarded.
    Unfortunately, in this case the FIN is right after the GET with no delay.
    Gilles.

  • Problems with Arrowpoint cookies for clients behind a Proxy

    I have in a WebSite clients being load balanced using Arrowpoint cookies to a virtual Server. The CSS load balance between three Apache real servers.
    I have some clients that are behind some kind of Proxy Cache and I have seen with a sniffer that the proxies causing the problem Re-use proxy to our server connections for different requests for multiple clients.
    Then, as I understand the CSS makes the forwarding decision based on the cookie of the first request for the first client behind the proxy after establishing the HTTP connection, but when there is a request from another client using this same connection (that must be forwarded to another real server) the request is forwarded to the original web server and fails because we need sticky connections.
    I thought that this wasn't correct but I have read some documents that say that this is called a Proxy role as a "connection cache". Then my question is if there is any workaround for this problem.
    Thanks

    I believe your problem is that the proxy opens a few persistent connections with the CSS and load-balances your client's requests over them.
    Once the CSS has associated a connection with a service, it does not look into the request anymore.
    The solution is to disable persistence on the CSS with the command 'no persistent' and 'persistence reset'.
    Find more info at :
    http://www.cisco.com/en/US/products/hw/contnetw/ps789/products_tech_note09186a0080093e06.shtml#crp
    Gilles.

  • How to restrict contributor users to edit only few set of pages

    Hi All,
    We wanted to restrict some of the contributor users to edit only few set of pages,
    is that possible to implement ?
    Can somebody please give some pointers
    Thanks
    Hari

    I was looking for a hint in the documentation and could not find any. This means that either it is something obvious (not to me, unfortunately), or this concept is not native to the Site Studio. This means that all contributors are equal - at least, the section http://docs.oracle.com/cd/E21764_01/doc.1111/e10614/c01_intro.htm#i422918 seems to be written in that way.
    What could you try?
    This section, http://docs.oracle.com/cd/E21764_01/doc.1111/e13650/ssxa_creatingsites.htm#CIHGGCFB , suggests that all contributors are assigned the role WCMContributor. There is probably no finer distinction than that a user has this role or not.
    Then, each of the objects used (namely, region definitions, native/contributor files) has its metadata. You could try to give read-only access to those contributors who won't edit the region.
    Last thing, which looks the most promising, but also the most complicated, is that you will dynamically change the region template, based on a user logged in (a sort of self-defined contrib mode). An example can be found in this thread: Display Contributor Regions dynamically (note that the example is about languages, you will need to implement your own logic!)

  • Problems with Arrowpoint Cookies

    I have a CSS 11503 set up in a DMZ that is load balancing 2 Netsilica proxies. All worked ok when I used sticky srcip.
    We are also using Akamai externally, they said clients ip may change during use. Tried to use arrowpoint cookies.
    service
    string xyz
    content rule
    balance aca
    advanced-balance arrowpoint-cookie
    arrowpoint-cookie expiration 01:00:01:01
    this seems to bounce the users from proxy to proxy.
    Need sticky non source IP , any ideas welcome
    Thanks
    Steve

    Steve,
    first, if you can't use sourceip for stickiness there is no other solution than cookie.
    Arrowpoint cookie should work.
    Verify with a sniffer trace if the client is sending the cookie with each request.
    Some browsers disable cookies.
    Gilles.
