APM: Why can't get the session.user.sessionid in the ACCESS_ACL_ALLOWED?

Question

Hi Friends
    Why can't get the session.user.sessionid  in the ACCESS_ACL_ALLOWED? Thanks 
My iRules:
Codewhen ACCESS_POLICY_COMPLETED {
    set hsl [HSL::open -proto UDP -pool pool_172.16.0.21_syslog] 
    set mysession "session_id=[ACCESS::session data get session.user.sessionid]"
    set timestamp [clock format [clock seconds] -format "%d/%h/%Y:%T %Z" -gmt 1 ] 
    log local0. "access policy completed get session id" 
            }
     when ACCESS_ACL_ALLOWED {
          HSL::send $hsl "&lt;190&gt; $timestamp $mysession 
" 
          log local0. "access policy acl allowed" 
            }`text`

yann_desmarest_ · Answer

Hi,
Maybe you can just get the session id from the LastMRH_Session header ? 
You can get this information by changing your irule to something similar : 
when ACCESS_POLICY_COMPLETED {
    set hsl [HSL::open -proto UDP -pool pool_172.16.0.21_syslog] 
    set mysession "session_id=[ACCESS::session data get session.user.sessionid]"
    set timestamp [clock format [clock seconds] -format "%d/%h/%Y:%T %Z" -gmt 1 ] 
    log local0. "access policy completed get session id" 
}
when ACCESS_ACL_ALLOWED {
    set mysession "session_id=[HTTP::header "LastMRH_Session"]"
    HSL::send $hsl "&lt;190&gt; $timestamp $mysession 
" 
    log local0. "access policy acl allowed" 
}

yann_desmarest · Answer

Hi,
Maybe you can just get the session id from the LastMRH_Session header ? 
You can get this information by changing your irule to something similar : 
when ACCESS_POLICY_COMPLETED {
    set hsl [HSL::open -proto UDP -pool pool_172.16.0.21_syslog] 
    set mysession "session_id=[ACCESS::session data get session.user.sessionid]"
    set timestamp [clock format [clock seconds] -format "%d/%h/%Y:%T %Z" -gmt 1 ] 
    log local0. "access policy completed get session id" 
}
when ACCESS_ACL_ALLOWED {
    set mysession "session_id=[HTTP::header "LastMRH_Session"]"
    HSL::send $hsl "&lt;190&gt; $timestamp $mysession 
" 
    log local0. "access policy acl allowed" 
}

demeter_luo · Answer

Hi Yann Desmarest
Thanks for your suggestions, but my policy is network access and have many tcp and udp application and not just http,How to get session-id in out scenario? thanks again。

demeter_luo · Answer

Hi Yann Desmarest
Thanks for your suggestions, but my policy is network access and have many tcp and udp application and not just http,How to get session-id in out scenario? thanks again。

walter_kacynski · Answer

What is the error message that you get exactly?&nbsp;
Also, you should not use mysession across events like this because these variables have a per TCP flow context.  If, for some reason (HTTP), the TCP connection gets recreated, mysession will no longer be in-scope because ACCESS_POLICY_COMPLETED will not fire for an existing session and ACCESS_ACL_ALLOWED will fail with a TCL runtime error because mysession is no longer present.  Since this value is cached anyway, just re-run [ACCESS::session data get session.user.sessionid] in each event.&nbsp;

Forum Discussion

APM: Why can't get the session.user.sessionid in the ACCESS_ACL_ALLOWED?

Recent Discussions

Background Tasks

APM with EntraID as idP / request signed

Should config via cli rather than gui?

APM Modern Customization - modify Header in user-common.js and form in user-logon.js

Which process is consuming higher CPU

Related Content

iRule ACCESS_ACL_ALLOWED VS APM Per-request Policy to insert APM variables in HTTP headers

Re: APM Sharepoint authentication

Re: APM-DHCP Access Policy Example and Detailed Instructions

APM Session Variable Logging

BIG-IP APM: Max Sessions Per User – Enable users to terminate a specified session

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS