A client must respond correctly with the appropriate cookies based on the cookie domain. The cookie domain and the path define the scope of the cookie, and notify the browser that the cookies must only be sent back to the server for the given domain and path. This is set on the backend application but can be modified on the NetScaler appliance in situations when the application cannot be changed.

The best approach to modify the Cookie Domain is to use URL Transformation. This is accomplished by creating a URL Transform Profile under Rewrite and then creating a URL Transformation Action.

The URL Transformation Action reads the Set-Cookie responses from the server and changes them as shown in the following screen shot.

In this case, it changes the Domain attribute from .company.com to Domain=server.company.com when it is sent to the client.

Set-Cookie: webunxi-8080-PORTAL-PSJSESSIONID=SMr0ksi,KSIllsldjTn5!-1798724912; Domain=.company.com; Path=/; Secure

The following is the CLI syntax for adding the URL Transformation:

add transform profile CookieDomainRewrite
add transform action CookieDomainRewrite CookieDomainRewrite 1
set transform action CookieDomainRewrite -priority 1 -cookieDomainFrom .company.com -cookieDomainInto server.company.com
add transform policy DomainCookiePolicy

This must be bound either globally if 9.3 and earlier versions are used or at the vserver level in 10.x.

Additional Resources

Refer to NetScaler FIPS Admin Guide for further information.