Environment cookies

If the option Send environment cookies to back-end is enabled in the mapping, Airlock Gateway adds the following Environment Cookies to each back-end request. The default cookie prefix can be configured. However, it is not recommended to change the cookie prefix due to potential incompatibilities and confusion.

The values of the environment cookies are percent-encoded (URL encoded). The back-end must decode the values.

The following cookies are available:

(*) DN format change

The DN format used in the cookies AL_ENV_SSL_CLIENT_I_DN and AL_ENV_SSL_CLIENT_S_DN changed with Airlock Gateway 5.0. The new format supports non-ASCII characters and escapes special characters with backslashes. The legacy format can be enabled using Apache expert settings as follows:

SSLOptions +LegacyDNStringFormat

This option is applicable on all Apache expert setting contexts: globally, on virtual hosts, and on mappings. For more details on Apache SSLOptions, please consult the Apache Manual.

Expert settings

The list below shows the Security Gate - Expert Settings related to this topic. They can be adapted if their default setting does not fit customer needs.

EnvVarCookiePrefix "AL_ENV_"

EnvVarCookiePlainChars "!#$&*-./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ^_`abcdefghijklmnopqrstuvwxyz|~"

ClientFingerprinting.EnvVarCookieExport.Enable "TRUE"

SessionVariable.EnvVarCookieExport.Enable "TRUE"

SessionVariable.EnvVarCookieExport.Name.Pattern ".*"

Airlock support does not recommend changing the environment cookie prefix - this is usually a source of confusion.