Forum Discussion
APM sso cookie caching issue
Folks
need some help , i have VS were using APM SSO for my jboss web application which working fine with kerberous SSO , the problem is this web doesnt hve logout option , user will close the browser directly , but next time same user open in the same url in the browser APM redirecting to ADFS SSO and getting 302 redirect with CORS error
i want to get rid of previously used MHRsesion cookie so that every time browser come with new request (after closed the page and open the url again)were APM assign new cookie for SSO session , when i try chrome incognito its working fine since it doesnt store any cache or APM cookie
can below irule help
#fire irule before main SSO irule to remove last browser used apm session cookie for previous session
when HTTP_REQUEST priority 80 {
if { ([HTTP::uri] == "/") && [HTTP::cookie exists MRHSession ] && [ACCESS::session exists [HTTP::cookie value MRHSession]] }{
HTTP::cookie remove MRHSession }{
HTTP::redirect "https://log.abc.com[HTTP::uri]"
}
}
any help appreciated
- SnlCirrostratus
or just remove the session cookie
when HTTP_REQUEST priority 80 {
if { ([HTTP::uri] == "/") && [HTTP::cookie exists MRHSession ] && [ACCESS::session exists [HTTP::cookie value MRHSession]] }{
HTTP::cookie remove MRHSession }{
}
}
- SnlCirrostratus
can any one assit
- SajidCirrostratus
HTTP::cookie remove MRHSession
ACCESS::session remove
https://clouddocs.f5.com/api/irules/ACCESS__session.html
for reference
when HTTP_REQUEST {
if {[HTTP::path] contains "/public" } {
HTTP::cookie remove "LastMRH_Session"
HTTP::cookie remove "MRHSession"
}
}
for reference
when HTTP_REQUEST {
if { ([HTTP::uri] == "/") && [HTTP::cookie exists MRHSession ] && [ACCESS::session exists [HTTP::cookie value MRHSession]] }{
HTTP::redirect "https://[HTTP::host]/vdesk/webtop.eui?webtop=/Common/dfw_vpn_webtop&webtop_type=webtop_full"
} elseif { [HTTP::cookie exists MRHSession] } {
HTTP::cookie remove MRHSession
}
}
************************************
- SnlCirrostratus
Hi Sajid
I have seen this irules earlier , my concern is what is the best way to avoid using existing APM session cookie , i am not concern for SSO , user needs re authenticate every time if they close the browser
so what is the best way forward here
not quite sure what you are looking for now.
the best way to avoid using existing APM session cookies is to not send them from the browser. but if they still exist you have to get them deleted. does iRules can that do that.
what more are you looking for now?
- SnlCirrostratus
Hi Boneyard
does below irule will work ?
#fire irule before main SSO irule to remove last browser used apm session cookie for previous session when HTTP_REQUEST priority 80 { if { ([HTTP::uri] == "/") && [HTTP::cookie exists MRHSession ] && [ACCESS::session exists [HTTP::cookie value MRHSession]] }{ HTTP::cookie remove MRHSession }{ HTTP::redirect "https://log.abc.com[HTTP::uri]" } }
- SajidCirrostratus
Recent Discussions
Related Content
* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com