For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

justjonathan_15's avatar
justjonathan_15
Icon for Nimbostratus rankNimbostratus
Apr 22, 2016

Checking Persistence iRule

Hi all,   We were supplied an iRule to use for a Java based application which gives out a session ID.   Since deploying our F5's to this application, we have noticed strange activity with user se...
application delivery
devops
iRules
LTM
IanB's avatar
IanB
Icon for Employee rankEmployee
Apr 23, 2016

I suggest you uncomment the three log lines that are currently commented out, and see if that shines any light on what's going on.

 

There are two paths through that code that will end up persisting on SSL session ID, which is a disaster waiting to happen, since the SSL session ID can change as often as every few minutes, depending on the client.

 

You really should be persisting on something that is expected to remain static, like a session ID that the server passes back to the client as an HTTP cookie