Cookie RFC compliant? Unusual use case
I'm investigating some interesting security events when implementing ASM rules against a VIP. The ASM logs list an event that the request contains "Cookie not RFC-compliant" due to "Invalid character after cookie value". The example that is given is:
PrivacyStatementAccepted="{\"6382DAC1...0269CA1C\":1433895609216}"
where the invalid character starts at the '6' in ...="{\"6...
I understand that this is an unusual format, but the logic from the developer team is that the second (and third) double quote is escaped by the backslash and should not be considered the end of the cookie value. It seems like the cookie value is actually a name/value pair in this case. After reviewing the RFC and F5 SOL7776, I'm not trying to argue the intent of the RFC, but am wondering if there is a valid workaround in the ASM (other than disabling the alert) while we re-architect this cookie value.
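An added example, not part of the original post and not F5's own parsing logic: a small checker for the RFC 6265 section 4.1.1 cookie-value grammar that reports the offset of each offending character. It is run over the pair quoted above, with the post's `...` ellipsis kept as written. A strict reading of the grammar flags the backslash inside the quotes as well as the `6` following the second DQUOTE, which is the position the ASM event reports, because the quoted form ends at the next DQUOTE regardless of any preceding backslash. The percent-encoded alternative at the end is an assumed way of carrying a JSON value in a compliant cookie, not something the post prescribes, and its JSON key is a constructed placeholder.

```python
import json
from urllib.parse import quote, unquote

# RFC 6265 section 4.1.1:
#   cookie-value = *cookie-octet / ( DQUOTE *cookie-octet DQUOTE )
#   cookie-octet = %x21 / %x23-2B / %x2D-3A / %x3C-5B / %x5D-7E
# i.e. printable US-ASCII minus CTLs, whitespace, DQUOTE, comma, semicolon and backslash.


def is_cookie_octet(ch: str) -> bool:
    o = ord(ch)
    return (o == 0x21 or 0x23 <= o <= 0x2B or 0x2D <= o <= 0x3A
            or 0x3C <= o <= 0x5B or 0x5D <= o <= 0x7E)


def audit_cookie_pair(pair: str) -> dict:
    """Check the value half of a 'name=value' cookie pair against the grammar.

    Returns the name, the raw value, a compliant flag and a list of
    (offset, reason) findings; offsets are 0-based into the value.
    """
    name, _, value = pair.partition("=")
    findings = []
    if value.startswith('"'):
        # Quoted form: the value ends at the next DQUOTE and nothing may follow it.
        close = value.find('"', 1)
        if close == -1:
            body, after = value[1:], None
            findings.append((len(value), "unterminated quoted value"))
        else:
            body, after = value[1:close], close + 1
        for i, ch in enumerate(body, start=1):
            if not is_cookie_octet(ch):
                findings.append((i, f"invalid character {ch!r} in cookie value"))
        if after is not None and after < len(value):
            findings.append((after, f"invalid character {value[after]!r} after cookie value"))
    else:
        for i, ch in enumerate(value):
            if not is_cookie_octet(ch):
                findings.append((i, f"invalid character {ch!r} in cookie value"))
    return {"name": name, "value": value, "compliant": not findings, "findings": findings}


# The pair from the ASM event, copied with the post's "..." ellipsis left as written.
SAMPLE_PAIR = 'PrivacyStatementAccepted="{\\"6382DAC1...0269CA1C\\":1433895609216}"'


def encode_json_cookie_value(obj) -> str:
    """Percent-encode a JSON document so every byte is a cookie-octet.

    Assumed alternative layout, not the post's. quote(..., safe="") emits only
    unreserved characters (letters, digits, '-', '.', '_', '~') and '%XX' escapes,
    all of which are cookie-octets, so the value needs no DQUOTE quoting at all.
    """
    return quote(json.dumps(obj, separators=(",", ":")), safe="")


def decode_json_cookie_value(value: str):
    return json.loads(unquote(value))


if __name__ == "__main__":
    report = audit_cookie_pair(SAMPLE_PAIR)
    for offset, reason in report["findings"]:
        print(f"offset {offset}: {reason}")
    # Constructed placeholder key; the timestamp is the one shown in the event.
    fixed = encode_json_cookie_value({"EXAMPLEKEY": 1433895609216})
    print(fixed, audit_cookie_pair("PrivacyStatementAccepted=" + fixed)["compliant"])
```

Run as a script it prints two findings for the sample pair, at offset 2 (the backslash) and offset 4 (the `6` after the closing DQUOTE), then a percent-encoded value that passes the same check and decodes back to the original JSON. A parser that tolerates the backslash would skip the first finding but still report the second, since the grammar gives the backslash no escaping meaning inside a quoted cookie-value.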