Forum Discussion

Lucas_Thompson_'s avatar
Lucas_Thompson_
Historic F5 Account

APM already basically does this by redirecting to the hangup page when a session is invalid, if you look closely at the HTTP transactions using httpwatch, httpfox, chrome dev tools, firefox dev tools, fiddler, or a packet capture you can see how it works.

A few notes about it:

  1. ACCESS_SESSION_CLOSED isn't tied to a flow, because the session closes asynchronously to network activity, so you can't call any commands that set variables or make any network flows themselves. Basically the only useful thing you can do here is log.

  2. You'll have to figure out how you'd like this to work in your environment. APM and/or BIG-IP can basically do anything you want, but you'll have to think in terms of HTTP transactions. A web developer or the application vendor should be able to assist you to determine the best way to handle timeouts for your app. Some web apps are "single page" style like OWA, and some web apps are multiple pages. Most are a mixture.

  3. If you want to detect if a session is valid, use something like this where you check for the cookie first in http request, then check the APM session state (I didn't check this so make sure it works for you):

when HTTP_REQUEST {
  if { [HTTP::cookie exists "MRHSession"] } {
     user gave us a cookie, continue
  } else {
     user didn't give us any cookie, stop and let APM do its thing
    return
  }
  
  if { [ACCESS::session exists -state_allow] } {
     user does not have valid session.
  } else {
     user did give us a cookie but session does not exist in allow state
     do the expire stuff here
  }
}
jspiglerj2rsolves's avatar
jspiglerj2rsolves
Icon for Nimbostratus rankNimbostratus
Dec 02, 2016

Thanks Lucas. This makes sense. I'll give this a whirl in my lab and see if this gives me the results I'm looking for.

 

Thanks again