Access policy evaluation is already in progress for your current session.

Question

I have an access policy to provide single sign-on amongst a set of Windows (NTLM) authenticated web sites. I have set up a 'Logout URI Include' in the 'Configurations' of the Access Profile. For the most part logging in and out works quite well.&nbsp;
&nbsp;Occasionally however logging out throws up some problems. The following events usually do it:&nbsp;
&nbsp;- URI it takes longer than the timeout value to display the page, then browse to another page.
&nbsp;- Stay on the logout page for a long time then try and visit the site again.
&nbsp;- During the logout timeout period start hitting other pages on the site.&nbsp;
&nbsp;The following message is displayed by the APM. It's not terribly friendly, but clicking on the link will let you log in again but will create unnecessary APM sessions:&nbsp;
&nbsp;Access policy evaluation is already in progress for your current session.
&nbsp;You may see this message, if you are using a different browser tab than the one where you started the access policy initially. Please continue to finish your access policy in the previous browser tab, and close this current window immediately.&nbsp;
&nbsp;If you have reached to this message due to some other error, click here for creating a new session.&nbsp;
&nbsp;Has anyone got any suggestion on why this is happening, where I can find more info on problems with APM sessions and logging out or how to avoid this problem.&nbsp;
&nbsp;Regards,
&nbsp;Darryl&nbsp;&nbsp;

kevin_stewart · Answer

The already in progress error page, for the most part, is triggered when you attempt to access a non-APM URI:
During the access policy evaluation, andWith a URI that doesn't match the original URI - stored in the session.server.landinguri session variable.
Not sure if this will help you, but the following should ensure that a non-APM/non-original URI does not trigger the in progress error:
when HTTP_REQUEST {
    if { ( [HTTP::cookie exists MRHSession] ) and not ( [ACCESS::session exists -state_allow [HTTP::cookie value MRHSession]] ) } {
        if { ( [HTTP::uri] ne [ACCESS::session data get session.server.landinguri] ) and not ( [ACCESS::session data get session.server.landinguri] eq "" ) } {
            HTTP::redirect [ACCESS::session data get session.server.landinguri]
        }       
    }
}

The idea is this. If an HTTP request comes in that:
Has the MRHSession cookieHas an access policy that is not completed, andThe request URI does not match the landinguri variable
redirect back to the landinguri URI.

tll_91858 · Answer

Darryl,&nbsp;
 &nbsp;
Did you ever get this figured out?  I've got the same message showing up after implementing my APM policy for SSO.&nbsp;
 &nbsp;
Tom&nbsp;

mandrake · Answer

Any luck with this error message ? i get it when i hit the root path and then try to change uri without log in. I ideally expect it to get back to login screen

asim_sharfuddin · Answer

I have the same problem, did you guys got the solution?&nbsp;

Forum Discussion

Access policy evaluation is already in progress for your current session.

Recent Discussions

ports are showing open on online scanning tool

Upgrade F5 BIGIP

DNS HM Probe issue

Is XFF a must for ASM WAF DoS

Switch ssl profile based on weak cipher detection via IRULE

Related Content

Custom APM Logon page Access policy evaluation is already in progress for your current session

Powering Progressive Deployment in Kubernetes with NGINX and Argo Rollouts

F5 Distributed Cloud Network Firewall Rule Evaluation and Packet Flow

Intermediate iRules: Evaluating Performance

Enforcing individual APM Policy "In Progress Sessions Limits"

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS