Forum Discussion
APM Session Variables fail to update in cache
I thought maybe someone can help me understand this. I have a Access Policy that contains a macro loop. Inside the macro there is a event id called in an irule that sets a session variable for example session.custom.test = 1. I then have a empty action that looks at this variable to determine which path in the policy it takes. I have found that any iteration of the loop after the first, the Access Policy does not read the updated value of this variable, but the past value from the first iteration of the loop.
I thought well maybe just setting it in the irule will not update the cache and VPE is pulling from cache. So I created a temp variable in the irule and then I set it to the session.custom.test in a variable assign inside the VPE. Same results. Can anyone tell me what I am doing wrong? Seems like a fairly simple procedure to be stuck on.
- Seth_CooperEmployee
Hi Brett,
You are running into a known issue. It is being tracked with ID 420284 and will be fixed in the next major release. There is no easy workaround for this.
Basically once APD gets the variable from memcache (iRule) then it caches the value and will not go back to memcache during that same session.
In the past I have seen where people use a counter loop and other logic in the iRule and VPE to make this work.
-Seth
- Seth_CooperEmployee
Here is a workaround I have used in the past.
Add this iRule to the Virtual Server...
when ACCESS_POLICY_AGENT_EVENT { if { [ACCESS::policy agent_id] eq "my_dns_lookup" } { if { [ACCESS::session data get session.my_loop_counter] eq "1" } { set hostname [ACCESS::session data get session.logon.last.MyHostDestination] ACCESS::session data set session.HostIP_1 [RESOLV::lookup @10.10.10.10 -a $hostname] set found [ACCESS::session data get session.HostIP_1] log local0. "Host: $hostname ...and what we found:$found ." } elseif { [ACCESS::session data get session.my_loop_counter] eq "2" } { set hostname [ACCESS::session data get session.logon.last.MyHostDestination] ACCESS::session data set session.HostIP_2 [RESOLV::lookup @10.10.10.10 -a $hostname] set found [ACCESS::session data get session.HostIP_2] log local0. "Host: $hostname ...and what we found:$found ." } elseif { [ACCESS::session data get session.my_loop_counter] eq "3" } { set hostname [ACCESS::session data get session.logon.last.MyHostDestination] ACCESS::session data set session.HostIP_3 [RESOLV::lookup @10.10.10.10 -a $hostname] set found [ACCESS::session data get session.HostIP_3] log local0. "Host: $hostname ...and what we found:$found ." } } }
In the VPE...
-
Create a new Variable Assign Object at the beginning of the policy (before the macro)
Name: my_loop_counter initial Assignment: session.my_loop_counter = Text 0
-
Create a new Variable Assign Object after the form where they enter the hostname.
Name: my_loop_counter_assign Assignment: session.my_loop_counter = expr { [mcget {session.my_loop_counter}] + 1 }
-
Create a new Variable Assign Object after the iRule Event Object (you will need to use the ID "my_dns_lookup" for the iRule Event Agent).
Name: Variable Assign Assignment: session.HostIP = if { [mcget {session.my_loop_counter}] eq "1" } { expr { [mcget {session.HostIP_1}] } } elseif { [mcget {session.my_loop_counter}] eq "2" } { expr { [mcget {session.HostIP_2}] } } elseif { [mcget {session.my_loop_counter}] eq "3" } { expr { [mcget {session.HostIP_3}] } }
You will then need to do your session.HostIP check later in the VPE.
I hope this helps you get this configured.
-Seth
-
- bdavisNimbostratus
Thank you for the detailed feedback. I will take a look at this workaround and see if I can incorporate it into our design for the time being until the bug is resolved. Thanks for the help, I thought I was going crazy. :)
- dupapaNimbostratus
My BigIP version is 16.1.4.1 and it's already 2024. And I still can reproduce the same issue with my Macro😓
Recent Discussions
Related Content
* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com