ARERR 9506 caused by HTTP 403 on udd.js when using Remedy AR System Mid Tier

Version 1
    Remedy AR System Server


    AR System Mid Tier


    Midtier 9.x, 19.x, 20.x



    • ARERR 9506 displays when a form is requested
    • Fiddler capture shows the request for udd.js results in HTTP 403
    • Fiddler capture shows the response to the LoginServlet call sets the HttpOnly flag on all cookies, including MJUID
    • Fiddler capture shows the request for the udd.js file is sent with the parameter ui=null
    • Detailed Mid Tier log shows the following: Possible Cross-Origin request detected. Refusing request for udd.js



    The MJUID cookie has the HttpOnly flag set, so browser-side scripts cannot set the ui parameter correctly.


    The request for udd.js fails because the ui parameter is null. This happens because all cookies are set to be HttpOnly. Some cookies need to be set and accessed by the client code; with the flag set, client-side scripts cannot access them. In this particular case the MJUID cookie is affected.

    This is a web server / reverse proxy configuration problem. From a security standpoint, only the session cookie (JSESSIONID) needs to be protected, and Mid Tier already flags this cookie as HttpOnly automatically. You have to disable the HttpOnly filter on your web server.
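
    A check for the condition described above, as an added example that is not BMC code: it audits the Set-Cookie lines copied from a capture of the LoginServlet response and reports MJUID carrying HttpOnly or JSESSIONID missing it. The sample headers, cookie values and paths are constructed, and the function names are hypothetical.

```python
# Added example: audit Set-Cookie headers from a Mid Tier login response.
SESSION_COOKIE = "JSESSIONID"  # per the article, the cookie that needs HttpOnly
SCRIPT_COOKIES = {"MJUID"}     # per the article, read by client-side code

# Constructed sample headers; cookie values and paths are placeholders.
BEFORE_FIX = [
    "Set-Cookie: JSESSIONID=AAAA1111; Path=/; HttpOnly",
    "Set-Cookie: MJUID=BBBB2222; Path=/; HttpOnly",
]
AFTER_FIX = [
    "Set-Cookie: JSESSIONID=AAAA1111; Path=/; HttpOnly",
    "Set-Cookie: MJUID=BBBB2222; Path=/",
]


def parse_set_cookie(line):
    """Return (cookie name, set of lowercased attribute names), or None."""
    header, _, value = line.partition(":")
    if header.strip().lower() != "set-cookie":
        return None
    parts = [p.strip() for p in value.split(";")]
    name = parts[0].partition("=")[0].strip()
    attrs = {p.partition("=")[0].strip().lower() for p in parts[1:] if p}
    return name, attrs


def audit(header_lines):
    """Return a list of (cookie name, finding) for the two cases in the article."""
    findings = []
    for line in header_lines:
        parsed = parse_set_cookie(line)
        if parsed is None:
            continue  # not a Set-Cookie line
        name, attrs = parsed
        http_only = "httponly" in attrs
        if name in SCRIPT_COOKIES and http_only:
            findings.append((name, "HttpOnly set: client script cannot read it"))
        elif name == SESSION_COOKIE and not http_only:
            findings.append((name, "HttpOnly missing: session cookie readable by script"))
    return findings


if __name__ == "__main__":
    for label, lines in (("before", BEFORE_FIX), ("after", AFTER_FIX)):
        print(label, audit(lines) or "OK")
```

    Run it again after changing the web server or reverse proxy configuration: an empty result means MJUID is readable by client code while JSESSIONID still carries HttpOnly.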


