Forum Discussion

Demeter_Luo_168's avatar
Demeter_Luo_168
Icon for Nimbostratus rankNimbostratus
Jun 19, 2016

APM: Why can't get the session.user.sessionid in the ACCESS_ACL_ALLOWED?

Hi Friends Why can't get the session.user.sessionid in the ACCESS_ACL_ALLOWED? Thanks My iRules:

Codewhen ACCESS_POLICY_COMPLETED {
    set hsl [HSL::open -proto UDP -pool pool_172.16.0.21_syslog] 
    set mysession "session_id=[ACCESS::session data get session.user.sessionid]"
    set timestamp [clock format [clock seconds] -format "%d/%h/%Y:%T %Z" -gmt 1 ] 
    log local0. "access policy completed get session id" 
            }
     when ACCESS_ACL_ALLOWED {
          HSL::send $hsl "<190> $timestamp $mysession \n" 
          log local0. "access policy acl allowed" 
            }`text`
  • Hi,

    Maybe you can just get the session id from the LastMRH_Session header ?

    You can get this information by changing your irule to something similar :

    when ACCESS_POLICY_COMPLETED {
        set hsl [HSL::open -proto UDP -pool pool_172.16.0.21_syslog] 
        set mysession "session_id=[ACCESS::session data get session.user.sessionid]"
        set timestamp [clock format [clock seconds] -format "%d/%h/%Y:%T %Z" -gmt 1 ] 
        log local0. "access policy completed get session id" 
    }
    when ACCESS_ACL_ALLOWED {
        set mysession "session_id=[HTTP::header "LastMRH_Session"]"
        HSL::send $hsl "<190> $timestamp $mysession \n" 
        log local0. "access policy acl allowed" 
    }
    
    • Demeter_Luo's avatar
      Demeter_Luo
      Icon for Nimbostratus rankNimbostratus
      Hi Yann Desmarest Thanks for your suggestions, but my policy is network access and have many tcp and udp application and not just http,How to get session-id in out scenario? thanks again。
  • Hi,

    Maybe you can just get the session id from the LastMRH_Session header ?

    You can get this information by changing your irule to something similar :

    when ACCESS_POLICY_COMPLETED {
        set hsl [HSL::open -proto UDP -pool pool_172.16.0.21_syslog] 
        set mysession "session_id=[ACCESS::session data get session.user.sessionid]"
        set timestamp [clock format [clock seconds] -format "%d/%h/%Y:%T %Z" -gmt 1 ] 
        log local0. "access policy completed get session id" 
    }
    when ACCESS_ACL_ALLOWED {
        set mysession "session_id=[HTTP::header "LastMRH_Session"]"
        HSL::send $hsl "<190> $timestamp $mysession \n" 
        log local0. "access policy acl allowed" 
    }
    
    • Demeter_Luo's avatar
      Demeter_Luo
      Icon for Nimbostratus rankNimbostratus
      Hi Yann Desmarest Thanks for your suggestions, but my policy is network access and have many tcp and udp application and not just http,How to get session-id in out scenario? thanks again。
  • What is the error message that you get exactly?

     

    Also, you should not use mysession across events like this because these variables have a per TCP flow context. If, for some reason (HTTP), the TCP connection gets recreated, mysession will no longer be in-scope because ACCESS_POLICY_COMPLETED will not fire for an existing session and ACCESS_ACL_ALLOWED will fail with a TCL runtime error because mysession is no longer present. Since this value is cached anyway, just re-run [ACCESS::session data get session.user.sessionid] in each event.