CR 6740071: New Property Controls Session Cookie for Zero Page Authentication

The new com.sun.identity.appendSessionCookieInURL property determines whether OpenSSO Enterprise 8.0 Update 1 ppends the session cookie to the URL for zero page authentication.

Set this property to false to prevent OpenSSO Enterprise 8.0 Update 1 from appending the session cookie to the URL. For example, if an application is filtering incoming URLs for special characters for security reasons and a cookie contains a special character, then access is denied. The default value is true (cookie is appended).

To set the new com.sun.identity.appendSessionCookieInURL property:

1. Log in to the OpenSSO Enterprise 8.0 Update 1 Admin Console.

2. Click Configuration, Servers and Sites, Default Server Settings, and then Advanced.

3. Add the property with a value of true.

4. Click Save.

The com.sun.identity.appendSessionCookieInURL property is hotswappable, which means that you don't have to restart the OpenSSO Enterprise 8.0 web container for a new value to take effect.