For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Antoine_80417's avatar
Antoine_80417
Icon for Nimbostratus rankNimbostratus
Feb 12, 2015

APM Session ID not displayed in error page

Hello folks,   I ran into an issue today that you may have already encountered : I am using APM to authenticate users on a web application, and an error page is returned to the user (whatever the r...
BIG-IP Access Policy Manager (APM)
design
security
Adam_Ingle_1300's avatar
Adam_Ingle_1300
Icon for Cirrus rankCirrus
Sep 12, 2017

Replaced the code in Access Policy> Ending Pages> Deny> logout.inc

 

Brad Parker may correct me, but this seems to be working for me:

 

var display_session = "%{session.user.sessionid}";
    if(null != display_session) {
      document.getElementById("sessionDIV").innerHTML = '
%[session_id_caption]  ' + display_session + '
';
      document.getElementById("sessionDIV").style.visibility = "visible";
    }

%{session.user.sessionid} pulls the variable for the session ID off the APM directly when the user started the session, rather than from javascript on the local browser as the original script was configured. Might not work in all conditions, but for simple cases it appears to be working.