Sun Java System Access Manager 7.1 Release Notes

New com.sun.identity.appendSessionCookieInURL property (6740071)

The new com.sun.identity.appendSessionCookieInURL property determines whether Access Manager appends the session cookie to the URL for zero page authentication. Set this property to false to prevent Access Manager from appending the session cookie to the URL. For example, if an application is filtering incoming URLs for special characters for security reasons and a cookie contains a special character, then access is denied The default value is true (cookie is appended).