Hi James,
I think that's not the right way of doing it.
Try using multi valued option.
Additionally, if you are using IIS webserver, what you are trying to achieve can also be performed by setting following ACO parameter :
IISCacheDisable=yes
Prevent Caching of Server Responses Containing Cookies
IIS web servers use output caching to store their responses. Responses to agents contain cookies. If the IIS web server sends an authentication response from its output cache, a different user could receive the authentication cookie in the cached response.
For example, user one authenticates successfully and the IIS server caches the response with the cookie. If user two accesses the same resource as user one, the IIS web server could possibly return the response for user one to user two.
The product disables the IIS output cache for items containing cookies by default. To revert to the behavior of the previous versions of the product for backward compatibility, change the value of the following parameter to no:
IISCacheDisable
Specifies if the IIS web server stores responses containing cookies in an output cache. The IIS web server sends cached responses before CA Single Sign-On processing occurs. Disabling the output cache forces IIS to authenticate and authorize each transaction. Setting the value of the parameter to yes prevents one user from accidentally receiving authentication or authorization responses that are meant for another user.
Default: Yes (cache disabled)
Reference : https://docops.ca.com/ca-single-sign-on-12-52-sp1/en/configuring/web-agent-configuration/advanced-configuration-settings…
Regards,
Ujwol