APM subsession variables disappear before session is terminated
Hi
We are currently trying to access APM subsession variables in a Per-Request policy.
The subsession variables contains user information gathered when validating users with a OAuth client "branch".
We would like to keep the username eg. subsession.oauth.client.last.id_token.preferred_username throughout the entire session. However, after around 15 minutes it disappears but the session remains (this matches the Max subsession life timeout value of 900 seconds). When the subsession expires users are not validated once more as their session is still valid and the subsession variable is now "blank". This makes the session logs "anonymous" after 900 seconds and requires extended log searching to find the user of the session (searching for the session ID and finding the originating username from when the session was established).
It seems that it is not possible to persist subsession variables to the main session variables.
If I add the OAuth branch in the Per Session policy the variables persists, which I would assume is expected behavior. However, this is not a feasible solution, as we branch HTTP HOST's and validate users with different OAuth Servers (Azure App reg). This is only possible in the Per-Request policy.
Any advise would be greatly appreciated :-)
Cool use of subsessions! There's a lot of power here, but parts of it are hard to understand. And hard to explain!
The subsession object has some properties:
The "max subsession life" essentially says how long the variables will last in the sessiondb. You may set this value up to 604800, so that the subsession can last 1 week. Keep in mind that the subsession relies on the main session, so it also must stay alive in order to hold the data.
If you haven't yet discovered the "sessiondump" CLI command, it's very helpful when working with subsessions.
Also I'm fairly sure you can use iRules to copy subsession vars into session vars when executing them (via iRule agent) inside of the subession. When you use the set-variable agent in a subsession, it will only save subsession variables (as you've found). This is more of a convenience thing than a limitation.