Forum Discussion

steph_85518
Dec 20, 2013

ACCESS::session exists not working

This is really killing me... I'm trying to do something simple here: just check, in the HTTP_REQUEST event, if an APM sid that I had previously stored in a cookie is valid. I know the session is valid, I see it in the GUI and in the logs, and this [ACCESS::session exists $sessionid] keeps evaluating to 0!! I'm running 10.2.4HF4 and didn't see anything about this in the release notes. Support doesn't really "support" iRules, so I have nowhere to turn....HELP!

 

thanks -s

 

Here is my simple simple basic childlike code:

 

# NOTE: $ckname (the cookie name) is not set anywhere in the posted code;
# it is assumed to be defined elsewhere in the iRule.
when ACCESS_POLICY_COMPLETED {
    set policy_result [ACCESS::policy result]
    switch $policy_result {
        "allow" {
            # setup cookie for successful authentication
            set apmsession [ACCESS::session data get "session.user.sessionid"]
            set apmsessionuser [ACCESS::session data get "session.logon.last.username"]
            set apmlanding [ACCESS::session data get "session.server.landinguri"]
            set ckvar [format "%s:%s" $apmsession $apmsessionuser]
            set apmcookie [format "%s=%s ; path=/; " $ckname $ckvar]

            ACCESS::respond 302 Location $apmlanding "Set-Cookie" $apmcookie
            log local0. "cookie sent $apmcookie"
        }
        "deny" {
            ACCESS::respond 401 content "Error: Failure in Authentication" Connection Close
            log local0. "APM Policy Denied Access"
        }
    }
}
when HTTP_REQUEST {
    if { [HTTP::cookie exists $ckname] } {
        # pull authenticated user from cookie
        set httpcookie [HTTP::cookie value $ckname]
        set httpcookievals [split $httpcookie ":"]
        set sessionid [lindex $httpcookievals 0]
        set sessionuser [lindex $httpcookievals 1]
        table set $sessionid $sessionuser
        log local0. "http cookie found-> $httpcookie"
        log local0. "table session valid = [ACCESS::session exists $sessionid]"

        if { ![ACCESS::session exists $sessionid] } {
            # do crap here..
        }
    }
}

5 Replies

  • John_Alam_45640
    Historic F5 Account
    when HTTP_REQUEST {
        # Check to see if the session exists in the LastMRH_Session cookie
        # This cookie contains the actual access session ID
        if { [HTTP::cookie exists LastMRH_Session] } {
            log local0. "Session ID is [HTTP::cookie value LastMRH_Session]"
            set mySessionID [HTTP::cookie value LastMRH_Session]
            set TableEntry [table lookup -subtable "AccessTable" $mySessionID]
            log local0. "For sessionID $mySessionID the entry was $TableEntry"

            if { $TableEntry ne "" } {
                HTTP::cookie insert name saved_uri value "$TableEntry"
                HTTP::uri $TableEntry
            }
        } else {
            log local0. "No cookie called LastMRH_Session yet."
        }
    }

    when ACCESS_POLICY_AGENT_EVENT {
        if { [ACCESS::policy agent_id] eq "login_success" } {
            set mySessionID [ACCESS::session data get session.user.sessionid]
            set myURI [ACCESS::session data get session.server.landinguri]

            # add an entry to the table
            table add -subtable "AccessTable" $mySessionID $myURI 300 300
            log local0. "Session ID: $mySessionID"
        }
    }
    
  • John_Alam_45640
    Historic F5 Account

    Finally got the iRule above to look like real code.

    Above is the way I did what you are trying to do.

    Versions 11.x handle that automatically. Upgrade if you can, you are missing out on features.

    Note: You need to make sure that the iRule acts on the URI only during the initial request. After that, no need to mess with the URI.

    HTH

     

  • Thank you for your attention to this, I'm humbled to have the iRule commander in chief helping me out. I will try to make progress with this valuable information.

     

  • John_Alam_45640
    Historic F5 Account

    Steph, I am humbled by your generous words. I can think of many guys who are more deserving of this title than I. Colin, Hoolio, Kevin, Nitas...

     

    Let us know how it goes.