For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Stanislas_Piro2's avatar
Stanislas_Piro2
Icon for Cumulonimbus rankCumulonimbus
Oct 24, 2016

Hi,

this one may work...

when CLIENT_ACCEPTED {
    set apmprivate 0
}

when ACCESS_ACL_ALLOWED {
    if {!($apmprivate)} {
         save computer status in tcl variable. the expected format is 0 or 1
        set apmprivate [ACCESS::session data get session.logon.last.private]
        set sessionid [HTTP::cookie value "MRHSession"]
    }
}


when HTTP_RESPONSE_RELEASE {
    if { [info exists apmprivate] && $apmprivate && ![PROFILE::access persistent_cookie] } {
        if {[HTTP::cookie exists MRHSession]} {
            HTTP::cookie expires "MRHSession" [PROFILE::access inactivity_timeout] relative
        } else {
            HTTP::cookie insert name MRHSession value $sessionid path "/"
            HTTP::cookie expires "MRHSession" [PROFILE::access inactivity_timeout] relative
        }
    }
}

the previous irule was changing cookie expiration date even if the cookie was not sent by the server... this irule check if the server send the cookie and add it with right expiration date if not.