LAG rewrites cookie domain sent by the original server to the public host name

  • 3690949
  • 04-Sep-2007
  • 26-Apr-2012


Novell Access Management 3 Support Pack 1 Release Candidate 2b
Novell Access Management 3 Linux Access Gateway


Authentication to back end application server (Lotus Notes) based on a session cookie (LtpaToken) fails.
Requires session cookie does not get send by the browser client


This issue has been addressed to engineering and will be fixed with the final release of Support Pack 1


Reported to Engineering

Additional Information

A reverse proxy configuration has been created with two accelerators using path based multi homing

For example:
  1. ""
  2. ""
The application behind each accelerator share a command authentication / session cookie which belongs to a particular domain: ""
Only one web server behind a configured accelerator (for example: generates the cookie after a successful authentication

The Linux Access gateway rewrites the application cookie domain component to the public host name instead of rewriting it to the public Domain name


"" will be rewritten to""
instead of rewriting it to ""

Due to this fact the session cookie rewritten by the LAG can not be use with the accelerator ""