Intelligent Application Gateway 2007 cannot parse cookies that contain comma characters

This article has been archived. It is offered "as is" and will no longer be updated.
On a Microsoft Intelligent Application Gateway 2007 client, you receive an "Error Code 109" error page that includes the following error message:
Could not access the site due to the following error:
Internal error
Additionally, the WhlFilter trace displays some error information. This error information varies depending on the Intelligent Application Gateway version.
This problem occurs when a cookie value contains a comma (,). According to Request for Comments (RFC) 2109, separation between cookies can be presented either by a semicolon (;) or a comma (,). If a browser sends a request with a cookie value that contains more than one '=' and comma sign in the value, Intelligent Application Gateway uses the second comma as a delimiter. Therefore, more cookies are detected in the cookie header array than expected. This problem occurs before any other processing and has a subsequent effect further down in the processing stream when Intelligent Application Gateway tries to parse the cookie headers. This behavior breaks cookies that contain commas in the cookie value.

Cookie name: USERS_GROUPS
Cookie value: cn=Contoso_Departmental_Administrators,ou=groups;
In newer RFC specifications, only the semicolon character can be a cookie separator. Therefore, if more than one cookie is present, cookies are separated by commas. Each cookie begins with a "NAME=VALUE" pair, followed by zero or more attribute-value pairs that are separated by semicolons. Some defined attributes use comma as a separator. Therefore, the code has been changed accordingly.
To resolve this problem, apply Intelligent Application Gateway 2007 Service Pack 2 Update 1. For more information, click the following article number to view the article in the Microsoft Knowledge Base:
968384 Description of Update 1 for Intelligent Application Gateway 2007 Service Pack 2
To avoid this problem, make sure that all the special characters are URL encoded in your Web application's cookies.
Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the "Applies to" section.
For more information about cookie setting, visit the following RFC documention:For more information about software update terminology, click the following article number to view the article in the Microsoft Knowledge Base:
824684 Description of the standard terminology that is used to describe Microsoft software updates

Article ID: 962860 - Last Review: 01/15/2015 09:33:50 - Revision: 1.1

Microsoft Intelligent Application Gateway 2007

  • kbnosurvey kbarchive kbexpertiseinter kbsurveynew kbbug kbfix kbqfe KB962860