Forum Discussion

cymru81's avatar
cymru81
Icon for Altocumulus rankAltocumulus
Sep 12, 2013

APM page cannot be displayed...

Hi, We are just initially setting up our Big IPs with APM license. We seem to be pretty much there with our policy etc. just we have noticed when we logout and then 'click here to open a new session'...
BIG-IP Access Policy Manager (APM)
security
Kevin_Stewart's avatar
Kevin_Stewart
Icon for Employee rankEmployee
Sep 12, 2013

In the access policy configuration properties, on the "SSO / Auth Domains" tab, you should see three check boxes in the "Cookie Options" section.

 

The Secure option sets the secure flag in the Set-Cookie header to the client. This tells the browser to only send the cookie back in a secure communication (vi HTTPS).

 

The HTTP Only option sets the httponly flag in the Set-Cookie header to the client. This tells the browser to not allow script-based access to cookies, and can help prevent (slow down) some cross-site scripting attacks.

 

The Persistent option sets the expires flag in the Set-Cookie header to the client and includes a date/time value. This causes the browser to store the cookie in the file system. If the option is not checked, the cookie is "session-based" and only resides in browser memory and is deleted when the browser closes.

 

Now that I'm thinking about though, you're not closing the browser between sessions, so it's probably not a cookie thing. What you want to see in the capture is anything anomalous. I can't really say what that is until you've tried it. Also, do you see anything odd in the APM logs?