A user commented that Stingray Traffic Manager sometimes adds a cookie named 'X-Mapping-SOMERANDOMDATA' to an HTTP response, and wondered what the purpose of this cookie was, and whether it constitited a privacy or security risk.
Transparent Session Affinity
The cookie used used by Stingray's 'Transparent Session Affinity' persistence class.
Transparent session affinity inserts cookies into the HTTP response to track sessions. This is generally the most appropriate method for HTTP and SSL-decrypted HTTPS traffic, because it does not require the nodes to set any cookies in their response.
The persistence class adds a cookie to the HTTP response that identifies the name of the session persistence class and the chosen back-end node:
When subsequent requests in that session are processed and the same sesison persistence class is invoked, it inspects the requests to determine if the named cookie exists. If it does, the persistence class inspects the value of the cookie to determine the node to use.
The unique identifier in the cookie name is a hashed version of the name of the session persistence class (there may be multiple independent session persistence rules in use). When the traffic manager processes a request, it can then identify the correct cookie for the active session persistence class.
The value of the cookie is a hashed version of the name of the selected node in the cluster. It is non-reversible by an external party. The value identifies which server the session should be persisted to. There is no personally-identifiable information in the cookie. Two independent users who access the service, are managed by the same session persistence class and routed to the same back-end server will be assigned the same named cookie and value.