Jump to content
Welcome to our new Citrix community!

SameSite Cookie value removed by ADC

chris Mc

Recommended Posts


We are having issues with Cookies being modified by the ADC.  We can see the response from the Server to the NetScaler contains the correct cookie value, but from the NetScaler to client this value has disappeared. 

From backend server to Netscaler:   Set-Cookie: HttpOnly; SameSite=None; Secure
From Netscaler to client: Set-Cookie:  Secure; HttpOnly

Does anyone know how to fix this?

Link to comment
Share on other sites

Thank you for the response

We tried the Load balancing Policy with the Literal ADC Cookie Attribute value “SameSite=none”. But this did not fix the problem, then we tried a rewrite policy I found on CTX269469, we got hits on the rule but no results on the cookies. 

After some more investigating we tried turning off a URL transformation rule and this seems to have solved the problem.

Link to comment
Share on other sites

  • 1 month later...

Are you using cookie based persistence?  If so I believe that to be causing the problem.  The rewrite policy in that article adds it if it is not sent from the backend server to the VIP.  If the value is already being sent by the backend server you'll just want to change your persistence to not be cookie based.


1. Use response RULE based persistence

If the back end application sends a unique cookie for each of the client session, Citrix ADC can use this unique cookie value as a key and create a RULE based persistence entry storing the back end server information corresponding to the cookie received. When the client request comes back with this Cookie, Citrix ADC will use the cookie value as the key and fetch the corresponding back end server to forward the request, hence maintaining the stickiness as achieved by COOKIEINSERT persistence. This approach works only if the back end server sends a unique Cookie key:value pair for each client in the response.

Below is a sample config where back end server sends cookie with the key as SESSIONID. The SESSIONID in the below config must be replaced with the unique cookie key sent by the back end.

set lb vserver lbvs -persistenceType RULE -rule "HTTP.REQ.COOKIE.VALUE(\"SESSIONID\")" -resRule "HTTP.RES.SET_COOKIE.COOKIE(\"SESSIONID\").VALUE(0)"


Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Create New...