Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.
And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.
[BUG] At Least Some Special Characters are Allowed in ai_user and ai_session Cookie Values
See original GitHub issueDescription/Screenshot
I recently observed that forward-slash (/) and plus sign (+) characters are there in the sdk generated random identifiers. As mentioned in the documentation, app insights SDK track these values in ai_user and ai_session cookies. Recently one of our request was get blocked by Azure WAF rules because the ai_session cookie was containing a illegal value. The value was something like,
RqjfPhfhetEwksnxdxnvxhje4/ls|3425564716255|3426573612432
which contains /ls in the value, which we believe the reason for the WAF block.
(Please note this is a modified cookie value)
lsis a command use by Unix-like operating systems.
Issue Analytics
- State:
- Created 2 years ago
- Comments:5 (2 by maintainers)
Top Results From Across the Web
Top Related Medium Post
Top Related StackOverflow Question
Troubleshoot Live Code
Top Related Reddit Thread
Top Related Hackernoon Post
Top Related Tweet
Top Related Dev.to Post
Top Related Hashnode Post
Yes anything can be inside a cookie, cookies are not “executed”
This issue has been automatically locked since there has not been any recent activity after it was closed. Please open a new issue for related bugs.