I would have more information about "Enable Rewrite Cookie Domain" SPS parameter.
The documentation states:
enablerewritecookiedomainInstructs the SPS to rewrite the cookie domain from the domain set by the server sitting behind the proxy to the domain of the initial request.
Here my use case condition:
I know that for best practice the web agent should be enabled on the SPS and not on the backend server, but I have no any other chance.
Trying to access the protected resource via CA SPS (with the URL http://app.domain-sps.com/dummy/resource.html), the Web Agent installed on backend web server redirect the user to the authentication page. After successful authentication the backend web agent set the SMSESSION with the domain ".internal-domain.com" and redirect the client to original protected resource. The client requests once again the protected resource (http://app.domain-sps.com/dummy/resource.html) but does not send the SMSESSION because the domain in the cookie (.internal-domain.com) is different from the one requested (.domain-sps.com). Due to this the backend web agent promts the user with the login form once again.
Honestly this makes sense to me, but I hoped that the with the paramenter enablerewritecookiedomain=yes the SPS would rewrite the cookie domain.
Does the "Enable Rewrite Cookie Domain" work only for third party cookies and not for SMSESSION?
Any other suggestion/information about?
Thanks in advance,
There is a quirk, in SPS that :
will only works when the The Web Agent for the SPS is enabled.
I don't believe that should be the case, so my personal opinion is that it is a bug, but that is how it currently works.
The handing of SMSESSION may be special, but from what your describing above it would seem the rewrite of the domains would not be occurring even for normal set-cookie commands.
Are you able to enable the webagent, (but perhaps make the resources unprotected) in the SPS to see if that works for you?
I have a related case I am working on at the moment (where if you have host only set-cookie, which has no domain, then sometimes you may still want SPS to write the new domain). So otherwise, If you want we can open a support case and persue it as product bug.
Cheers - Mark
first of all sorry for the delay in response.
Unfortunatelly at the moment I'm not able to enable the webagent in the SPS (as you suggested); hence I cannot verify the enablerewritecookiedomain behaviour for normal set-cookie commands.
As soon as I can do it, I will try and I will update this post.
Thanks again for your help.