We are using Custom login page (FTL) where by, on Post call of the Custom login form, we are validating the same on Server, once that is correct, we are making a POST request to custom fcc (custom.fcc) to authenticate the User.
Once we get the response, we check for SMSESSION over there and add this into the servlet response, if we get, we redirect the user to the target, else we show the user error.
But somehow, we are unable to retain Cookie during the transaction i.e when the Post Call is made to custom.fccAlso, with this approach, we are getting more than 1 SMSESSION Cookie during the journey i.e one SMSESSION gets created when we make a post to custom.fcc with FQDN (a.domain.com), where else for the subsequent protected request, another one gets created (*.domain.com)Can any one help us with a sample code, where by cookies can be handled efficiently?
I am guessibg that you have a centralized login web agent and also separate web agent for protecting resource.
In such case if you have separate cookiedomain, it is expected that there will be multiple smsession cookie. To remidy this make sure cookiedomain ACO matches for both the web agents.
No Ujwol, we are having 2 webagents and both are pointing to same Policy Store, where we have defined protected realms, but as you know, we are not using login.fcc directly, but indirectly through application server (POST CALL) -> webagent, then back to the app server and then redirecting the user to successive page.Please help.
What is the value for cookiedomain/coookiedomainscope param?
same ACO is being referred Ujwol.Also we have not specified any value in cookiedomain, though cookiedomainscope is set to 0.
I think setting the cookiedomain parameter to .company.com or setting the cookiedomainscope to 2 would help. Or for you custom fcc request you could add a host header to the request so that it matches the incoming host header for the other request. In that case the cookie domain would be evaluated to the same value.
Thanks all, somehow it worked.