U4-7854 - 7.3.4 Cookies added by load-balancer cause blank page within back office

Created by Robin Minto 28 Jan 2016, 15:58:34 Updated by Sebastiaan Janssen 22 Jun 2017, 07:58:47

Duplicates: U4-9873

Visiting the back office default page in a newly deployed Umbraco resulted in an empty Content pane where I would expect a number of tabs and data.

Chrome dev tools showed a number of XHR requests (e.g. /umbraco/backoffice/UmbracoApi/UpdateCheck/GetCheck) failing with HTTP 417 Missing token null.

Deleting a cookie created by our load-balancer (we're not actually load-balancing the Umbraco back-office) caused the back office to begin working correctly, tabs and data appearing correctly.

The load-balancer creates a cookie named in the form PREFIX. Some experimentation shows that creating a cookie named { causes the issue. We've resolved our issue but this caused us some pain and resolving the cookie handling in Umbraco may help others.



Sebastiaan Janssen 28 Jan 2016, 17:11:55

According to this article you should limit the characters used in cookie identifiers to alphanumeric plus:



Technically {} could be allowed but it's not advisable. I don't think this is something we can fix in Umbraco, therefore I'm closing this issue and would advise reconfiguring your load balancer.

Robin Minto 29 Jan 2016, 11:19:25

As I say, we've worked around the issue but others may not be so lucky (we can't reconfigure the cookie names in the load-balancer).

The summary in that StackOverflow answer is good: "In the real world we are still using the original-and-worst Netscape cookie_spec, so code that consumes cookies should be prepared to encounter pretty much anything, but for code that produces cookies it is advisable to stick with the subset in RFC 6265"
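Added example (not part of the original thread and not Umbraco's code): a cookie consumer that tolerates a name such as `{` and still finds the cookie it needs, plus a check that flags names outside the RFC 6265 token subset. The cookie name `XSRF-EXAMPLE` and the sample header are constructed for illustration; the sketch does not claim to reproduce the code path that returned the 417.

```javascript
// Added example: tolerant Cookie-header parsing (names and values are constructed).
// RFC 6265 cookie-name is an RFC 2616 "token": visible ASCII minus separators,
// and the separator set includes "{" and "}".
const TOKEN = /^[!#$%&'*+\-.^_`|~0-9A-Za-z]+$/;

// Parse a Cookie request header without throwing on unusual names or values.
// Returns an array of { name, value, rfc6265Name } in header order.
function parseCookieHeader(header) {
  const cookies = [];
  for (const part of String(header || "").split(";")) {
    const pair = part.trim();
    if (pair === "") continue;               // skip empty segments ("a=1;; b=2")
    const eq = pair.indexOf("=");
    // Netscape-era cookies may have no "=" at all; treat the text as the name.
    const name = eq === -1 ? pair : pair.slice(0, eq).trim();
    let value = eq === -1 ? "" : pair.slice(eq + 1).trim();
    if (value.length >= 2 && value.startsWith('"') && value.endsWith('"')) {
      value = value.slice(1, -1);            // strip optional surrounding quotes
    }
    cookies.push({ name, value, rfc6265Name: TOKEN.test(name) });
  }
  return cookies;
}

// Look up one cookie by exact name; unrelated cookies never affect the result.
function getCookie(header, wanted) {
  const hit = parseCookieHeader(header).find((c) => c.name === wanted);
  return hit ? hit.value : null;
}

// Names a producer (for example a load balancer) would need to change
// to stay inside the RFC 6265 subset.
function nonConformingNames(header) {
  return parseCookieHeader(header)
    .filter((c) => !c.rfc6265Name)
    .map((c) => c.name);
}

// Constructed header: a "{"-named cookie ahead of a hypothetical token cookie.
const sample = '{=lb-node-1; XSRF-EXAMPLE=abc123; flag; quoted="v 1"';
console.log(getCookie(sample, "XSRF-EXAMPLE"));
console.log(nonConformingNames(sample));
```
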

Priority: Normal

Type: Bug

State: Duplicate


Difficulty: Normal


Backwards Compatible: True

Fix Submitted:

Affected versions:

Due in version:


Story Points: