Forum Discussion

etherchannel01's avatar
etherchannel01
Icon for Nimbostratus rankNimbostratus
Jun 27, 2023

APM Session Inactivity Timeout

Is there anyway to have APM redirect users back to the APM logon screen if an APM expires due to inactivity? I notice my session does get cleared by APM once my session expires but it doesn't automat...
application delivery
security
whisperer's avatar
whisperer
Icon for MVP rankMVP
Jun 28, 2023

This is my second time trying to post this info, as the damn mobile site version ate my post and gave me some garbage about too many unique posts within 3600s or some BS. Mobile site sux.

Anyway, you can try to accomplish this via irules. The following may be a good framework example:

https://community.f5.com/t5/technical-forum/apm-inactivity-timeout-redirect-or-notification-page-for-ltm-apm/td-p/33219

So, maybe something like the following:

when HTTP_REQUEST {
  if { [HTTP::cookie exists "MRHSession"] } {
    if { [ACCESS::session exists -state_allow -sid [HTTP::cookie "MRHSession"]] } {
      return
    }
  }
  HTTP::redirect "http://login.url.goes.here"
}

So something similar to the above... we check for both a) active APM cookie and b) APM session state... if we are good, we exit the existing iRule. Otherwise, we continue executing and hit the redirect at the end to the login page.

  • etherchannel01's avatar
    etherchannel01
    Icon for Nimbostratus rankNimbostratus
    Jun 28, 2023

    How does this work for an idle session in the browser? This seems to only fire when there are HTTP requests coming in. If I leave my session idle in the browser with no requests going to my BigIP it seems like this rule wouldn't work.