Forum Discussion

Snl's avatar
Snl
Icon for Cirrostratus rankCirrostratus
Aug 08, 2019

APM sso cookie caching issue

Folks

 

need some help , i have VS were using APM SSO for my jboss web application which working fine with kerberous SSO , the problem is this web doesnt hve logout option , user will close the browser directly , but next time same user open in the same url in the browser APM redirecting to ADFS SSO and getting 302 redirect with CORS error

 

i want to get rid of previously used MHRsesion cookie so that every time browser come with new request (after closed the page and open the url again)were APM assign new cookie for SSO session , when i try chrome incognito its working fine since it doesnt store any cache or APM cookie

 

can below irule help

#fire irule before main SSO irule to remove last browser used apm session cookie for previous session

 

when HTTP_REQUEST priority 80 {

 if { ([HTTP::uri] == "/") && [HTTP::cookie exists MRHSession ] && [ACCESS::session exists [HTTP::cookie value MRHSession]] }{

 HTTP::cookie remove MRHSession }{

HTTP::redirect "https://log.abc.com[HTTP::uri]"

 }

}

 

any help appreciated

  • Snl's avatar
    Snl
    Icon for Cirrostratus rankCirrostratus

    or just remove the session cookie

     

    when HTTP_REQUEST priority 80 {

     if { ([HTTP::uri] == "/") && [HTTP::cookie exists MRHSession ] && [ACCESS::session exists [HTTP::cookie value MRHSession]] }{

     HTTP::cookie remove MRHSession }{

     }

    }

     

  • Sajid's avatar
    Sajid
    Icon for Cirrostratus rankCirrostratus

     HTTP::cookie remove MRHSession

        ACCESS::session remove

     

    https://clouddocs.f5.com/api/irules/ACCESS__session.html

     

    for reference

    when HTTP_REQUEST {

    if {[HTTP::path] contains "/public" } {

    HTTP::cookie remove "LastMRH_Session"

    HTTP::cookie remove "MRHSession"

    }

    }

     

     

    for reference

     

    when HTTP_REQUEST {

    if { ([HTTP::uri] == "/") && [HTTP::cookie exists MRHSession ] && [ACCESS::session exists [HTTP::cookie value MRHSession]] }{

     

    HTTP::redirect "https://[HTTP::host]/vdesk/webtop.eui?webtop=/Common/dfw_vpn_webtop&webtop_type=webtop_full"

     

    } elseif { [HTTP::cookie exists MRHSession] } {

     

    HTTP::cookie remove MRHSession

     

    }

     

    }

     

     

    ************************************

  • Snl's avatar
    Snl
    Icon for Cirrostratus rankCirrostratus

    Hi Sajid

     

    I have seen this irules earlier , my concern is what is the best way to avoid using existing APM session cookie , i am not concern for SSO , user needs re authenticate every time if they close the browser

     

    so what is the best way forward here

     

    • not quite sure what you are looking for now.

       

      the best way to avoid using existing APM session cookies is to not send them from the browser. but if they still exist you have to get them deleted. does iRules can that do that.

       

      what more are you looking for now?

      • Snl's avatar
        Snl
        Icon for Cirrostratus rankCirrostratus

        Hi Boneyard

        does below irule will work ?

        #fire irule before main SSO irule to remove last browser used apm session cookie for previous session
         
         
         
        when HTTP_REQUEST priority 80 {
         
         if { ([HTTP::uri] == "/") && [HTTP::cookie exists MRHSession ] && [ACCESS::session exists [HTTP::cookie value MRHSession]] }{
         
         HTTP::cookie remove MRHSession }{
         
        HTTP::redirect "https://log.abc.com[HTTP::uri]"
         
         }
         
        }