APM swallowing JSESSIONID cookie; workaround possible by copying cookie to return stream?
Hi, all - we have a layer 7 VIP secured with an APM policy. The VIP proxies to a Tomcat server, which returns a JSESSIONID cookie after user logon. Sporadically, the F5 does not return the JSESSIONID to the client; it will be working fine for a a few days, then it will kick into a mode where users logon but don't have a Tomcat session tracked to their logon, because they simply don't have a JSESSIONID cookie anymore to send with their next request.
This is similar to what was noted by Davo T, here: https://devcentral.f5.com/questions/apm-sso-config-using-kerberos-to-weblogic-backend-not-supplying-session-id-cookie-on-post-authentication-requests
I'm working this as a case with F5 - but while it's being worked, is there a reliable way to script an explicit copying of the JSESSIONID cookie from the returned stream from the real server, before APM gets its hands on it, then insert it into the reply after APM is done processing? What events would I reference in an iRule to accomplish that? I'm not super familiar with the APM-related event lifecycle, and how it expresses itself in iRules.
In case it matters, the policy in question does the following: - presents a login page, obtains userid, RSA PIN/Code - RADIUS auths against an RSA server - checks a RADIUS filter-id attribute value - checks the URL against an ACL
Thank you!