Forum Discussion
APM: Why can't get the session.user.sessionid in the ACCESS_ACL_ALLOWED?
Hi Friends Why can't get the session.user.sessionid in the ACCESS_ACL_ALLOWED? Thanks My iRules:
Codewhen ACCESS_POLICY_COMPLETED {
set hsl [HSL::open -proto UDP -pool pool_172.16.0.21_syslog]
set mysession "session_id=[ACCESS::session data get session.user.sessionid]"
set timestamp [clock format [clock seconds] -format "%d/%h/%Y:%T %Z" -gmt 1 ]
log local0. "access policy completed get session id"
}
when ACCESS_ACL_ALLOWED {
HSL::send $hsl "<190> $timestamp $mysession \n"
log local0. "access policy acl allowed"
}`text`
- Yann_Desmarest_Nacreous
Hi,
Maybe you can just get the session id from the LastMRH_Session header ?
You can get this information by changing your irule to something similar :
when ACCESS_POLICY_COMPLETED { set hsl [HSL::open -proto UDP -pool pool_172.16.0.21_syslog] set mysession "session_id=[ACCESS::session data get session.user.sessionid]" set timestamp [clock format [clock seconds] -format "%d/%h/%Y:%T %Z" -gmt 1 ] log local0. "access policy completed get session id" } when ACCESS_ACL_ALLOWED { set mysession "session_id=[HTTP::header "LastMRH_Session"]" HSL::send $hsl "<190> $timestamp $mysession \n" log local0. "access policy acl allowed" }
- Demeter_LuoNimbostratusHi Yann Desmarest Thanks for your suggestions, but my policy is network access and have many tcp and udp application and not just http,How to get session-id in out scenario? thanks again。
Hi,
Maybe you can just get the session id from the LastMRH_Session header ?
You can get this information by changing your irule to something similar :
when ACCESS_POLICY_COMPLETED { set hsl [HSL::open -proto UDP -pool pool_172.16.0.21_syslog] set mysession "session_id=[ACCESS::session data get session.user.sessionid]" set timestamp [clock format [clock seconds] -format "%d/%h/%Y:%T %Z" -gmt 1 ] log local0. "access policy completed get session id" } when ACCESS_ACL_ALLOWED { set mysession "session_id=[HTTP::header "LastMRH_Session"]" HSL::send $hsl "<190> $timestamp $mysession \n" log local0. "access policy acl allowed" }
- Demeter_LuoNimbostratusHi Yann Desmarest Thanks for your suggestions, but my policy is network access and have many tcp and udp application and not just http,How to get session-id in out scenario? thanks again。
- Walter_KacynskiCirrostratus
What is the error message that you get exactly?
Also, you should not use mysession across events like this because these variables have a per TCP flow context. If, for some reason (HTTP), the TCP connection gets recreated, mysession will no longer be in-scope because ACCESS_POLICY_COMPLETED will not fire for an existing session and ACCESS_ACL_ALLOWED will fail with a TCL runtime error because mysession is no longer present. Since this value is cached anyway, just re-run [ACCESS::session data get session.user.sessionid] in each event.
Recent Discussions
Related Content
* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com