Forum Discussion
Ronny_Heymans_2
Nimbostratus
NimbostratusAPM Irule to make SSO cookie persistent
Hello,
I'm implementing an access policy containing a login form with a choice for a private of public computer. When the user selects private I want to make the SSO cookie persistent with an irule triggered in an Access Policy Agent event.
Is this possible and if it is how do I make it persistent?
Kind regards,
Ronny
3 Replies
Stanislas_Piro2Cumulonimbus
Hi,
you can try this irule (not tested):
when ACCESS_ACL_ALLOWED { save computer status in tcl variable. the expected format is 0 or 1 set apmprivate [ACCESS::session data get session.logon.last.private] } when HTTP_RESPONSE_RELEASE { if { $apmprivate && ![PROFILE::access persistent_cookie] } { HTTP::cookie expires "MRHSession" [PROFILE::access inactivity_timeout] relative } }
Ronny_Heymans_2It is solved. I had to put the variable in a table. Then it worked. Thanks for the help :-)
- Stanislas_Piro2
Hi,
this one may work...
when CLIENT_ACCEPTED { set apmprivate 0 } when ACCESS_ACL_ALLOWED { if {!($apmprivate)} { save computer status in tcl variable. the expected format is 0 or 1 set apmprivate [ACCESS::session data get session.logon.last.private] set sessionid [HTTP::cookie value "MRHSession"] } } when HTTP_RESPONSE_RELEASE { if { [info exists apmprivate] && $apmprivate && ![PROFILE::access persistent_cookie] } { if {[HTTP::cookie exists MRHSession]} { HTTP::cookie expires "MRHSession" [PROFILE::access inactivity_timeout] relative } else { HTTP::cookie insert name MRHSession value $sessionid path "/" HTTP::cookie expires "MRHSession" [PROFILE::access inactivity_timeout] relative } } }the previous irule was changing cookie expiration date even if the cookie was not sent by the server... this irule check if the server send the cookie and add it with right expiration date if not.
