Maximum length/legal characters for JSESSIONID cookie

Question

My setup is using JSESSIONID persistence to load-balance a weblogic application, and the JSESSIONID values they send to the client are quite convoluted:
JSESSIONID=4k97S6kYZcX0LpD5tLLSC54yy9y2fzrtzbR90R6Qd31hGY7QQm2L!916453517
Is that length in bounds of what would work with the following persistence iRule? My version is 9.4.4:
when HTTP_RESPONSE {
    if { [HTTP::cookie exists "JSESSIONID"] } {
        persist add uie [HTTP::cookie "JSESSIONID"]
    }
}
when HTTP_REQUEST {
    if { [HTTP::cookie exists "JSESSIONID"] } {
        persist uie [HTTP::cookie "JSESSIONID"]
    }
}

Thanks.

kevin_stewart · Answer

While there is no prescribed standard limit for cookie sizes, RFC 6265 recommends that a "user-agent" should at least be able to handle 4096 bytes per cookie. Hopefully you don't have cookies that big, but nonetheless it's nothing that the BIG-IP persistence table can't handle. I'd also add that the example JSESSIONID value that you've provided is not uncommonly long.

msz · Answer

We have define 8192 - cookie length and we are getting more than that.
Should We must blocked it?&nbsp;

Forum Discussion

Maximum length/legal characters for JSESSIONID cookie

2 Replies

Recent Discussions

Port Group on F5OS network setting

Advise on setting up IRULE

F5 iRule to replace host to path

google-visualization-issues

google autenticator broken barcode

Related Content

Weblogic JSessionID Persistence

Weblogic JSessionID Persistence for Session Replication

Character Length for Object Names

Persist On Last JSESSIONID in HTTP Parameter

Sanitize special characters in AD groups names