Forum Discussion

AaronMLong_1021's avatar
Feb 12, 2014

Maximum length/legal characters for JSESSIONID cookie

My setup is using JSESSIONID persistence to load-balance a weblogic application, and the JSESSIONID values they send to the client are quite convoluted:

JSESSIONID=4k97S6kYZcX0LpD5tLLSC54yy9y2fzrtzbR90R6Qd31hGY7QQm2L!916453517

Is that length in bounds of what would work with the following persistence iRule? My version is 9.4.4:

when HTTP_RESPONSE {
    if { [HTTP::cookie exists "JSESSIONID"] } {
        persist add uie [HTTP::cookie "JSESSIONID"]
    }
}
when HTTP_REQUEST {
    if { [HTTP::cookie exists "JSESSIONID"] } {
        persist uie [HTTP::cookie "JSESSIONID"]
    }
}

Thanks.

  • While there is no prescribed standard limit for cookie sizes, RFC 6265 recommends that a "user-agent" should at least be able to handle 4096 bytes per cookie. Hopefully you don't have cookies that big, but nonetheless it's nothing that the BIG-IP persistence table can't handle. I'd also add that the example JSESSIONID value that you've provided is not uncommonly long.

     

  • MSZ's avatar
    MSZ
    Icon for Nimbostratus rankNimbostratus

    We have define 8192 - cookie length and we are getting more than that. Should We must blocked it?