Error: Cookie Manager failed to complete all actions for the configured Cookie Rule.

[Markus Tressl]

OK, I have a very odd situation here.

We got a new GSA since the old one was out of support. Appliance ID went T3 to a T4.

After the initial network setup the T3 configuration was transferred to the T4 box, without any issues. Reindexing started and was finished a couple hours later, ~70k pages indexed and served. All good, frontends working and also dynamic navigation and expert search were fine.

Today I discovered expert search not working any more, so I checked the index and found the following error in my people profile pages:

Error: Cookie Manager failed to complete all actions for the configured Cookie Rule.

I tried to reindex some of the pages, ending with the same error.

NOTHING was changed either in the server setup or in the GSA config. It just stopped working.

Access to these now non-indexable pages is done via forms authentication. I double checked this config and it is the same like on the old T3 box, I even re-did these rules. No luck.

Anyone of you guys have an idea what might be the problem?

Thx for your help.

Markus.

[Dave Watts]

> Today I discovered expert search not working any more, so I checked the
> index and found the following error in my people profile pages:
>
> Error: Cookie Manager failed to complete all actions for the configured
> Cookie Rule.
>
> I tried to reindex some of the pages, ending with the same error.
>
> NOTHING was changed either in the server setup or in the GSA config. It just
> stopped working.
> Access to these now non-indexable pages is done via forms authentication. I
> double checked this config and it is the same like on the old T3 box, I even
> re-did these rules. No luck.

What do you see in Real-time Diagnostics for one of the pages in question?

Dave Watts, CTO, Fig Leaf Software
1-202-527-9569
http://www.figleaf.com/
http://training.figleaf.com/

Fig Leaf Software is a Veteran-Owned Small Business (VOSB) on
GSA Schedule, and provides the highest caliber vendor-authorized
instruction at our training centers, online, or onsite.

[Markus Tressl]

As far as I understand there are no irregularities. I did check this before.

But I found the following in the release notes of the latest update (Shellshock): 

• 2959791 - Entries in the 'HTTP Headers' page are not included in the Forms Authentication wizard HTTP requests.

So I reverted back the SW version and now it seems to work - again.

Wondering if they test their shit before sending out a release.

[Dave Watts]

> As far as I understand there are no irregularities. I did check this before.
> But I found the following in the release notes of the latest update
> (Shellshock):
>
> 2959791 - Entries in the 'HTTP Headers' page are not included in the Forms
> Authentication wizard HTTP requests.
>
> So I reverted back the SW version and now it seems to work - again.
> Wondering if they test their shit before sending out a release.

If you don't mind sharing, what custom headers are you sending?

This actually makes sense, given the nature of Shellshock - it
basically involves injecting environment variables, and HTTP headers
are treated as environment variables via CGI.

[Markus Tressl]

Accept: */*
Accept-Ranges: *

I do not really know why we need those, but stuff does not works w/o.

[Dave Watts]

> Accept: */*
> Accept-Ranges: *
>
> I do not really know why we need those, but stuff does not works w/o.

You should not need either of those. The Accept request header lets
the client specify what kinds of responses it'll accept, and in its
absence the server should be able to respond how it likes. The
Accept-Ranges header is actually a response header, and should not be
sent from the client at all - it should be received from the server.

http://en.wikipedia.org/wiki/List_of_HTTP_header_fields

[Bharani]

Hi,
I have checked the url in the Real Time Diagnostics. It shows as "Fetch completed. State of the url is downloaded"
but still in the crawl diagnostics the status is showing as Error: Cookie Manager failed to complete all actions for the configured Cookie Rule.

[John Wild]

I ran into the exact same issue. The response Google sent me fixed the issue - 7.2 changes how auth works. Try adding the URL to your follow patterns.

"The error you are getting usually connected to issue with your SSO server is not added in 'Follow Patterns'. Starting from 7.2 you should add SSO server URL in 'Follow Patterns' to allow GSA get cookies from it."

[Markus Tressl]

Following Dave's suggestion form 10/10/14 I removed the Accept-Ranges headers and started all over, with the suggested 7.2 changes how auth works (adding the URL to your follow patterns).

Now the strange Cookie Manager Error is gone, all seems to work like a charm.