Hello everyone,

We have a fairly large IDM 4.0.2 (advanced edition) deployment with 20k+
users and a few dozens of drivers.
We have recently migrated our UA from 3.6.1 to 4.0.2, including the
latest patches.
Here is an issue we're having with contemporary Firefox versions (23.x)
running off Windows 7.

Several users will get two *-_history-* cookies every once in a while.
Once this has happened, the ua-server answers bith a "400 Bad Request"
error message. The only workaround so far is to manually delete any one
of the cookies, and then the user can access the application again. Not
really acceptable for non-techie users !

From what we understand :
* The _history cookie stores the object selection history of the user
(i.e. last chosen users, last selected roles, etc).
* A fresh user just accessing the UA will have only one such cookie.
* Once a user get two cookies, they both have the same name (_history)
but different paths (initial cookie has /IDM/, new cookie has
* This seems to only happen with Firefox.
* This seems to only happen with fairly heavy users generating a lot of
selection history.
* The more a user is active, the fastest he/she gets the duplicate
cookie again

We are trying to analyze the error and reproduce it.

Here is a screenshot of the standard cookie as seen from Firefox's
cookies widget : https://www.dropbox.com/s/6wf5fqakapkg9mz/cookie.png

For NetIQ support staff, we do have a Wireshark capture of the 400 error
message and previous events.

Questions :
* Has anyone witnessed the same or very similar cookies issues, with
Firefox or another borwser ?
* Is anyone able to reproduce the issue ?
* Any idea as to what exactly is going on ?

Thanks ahead for any help !


JeromeBuyle's Profile: https://forums.netiq.com/member.php?userid=3026
View this thread: https://forums.netiq.com/showthread.php?t=48722