For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Jason_Jernigan_'s avatar
Jason_Jernigan_
Icon for Nimbostratus rankNimbostratus
Mar 06, 2006

Client SSL Insert

I've got a site using client SSL cert inserted to the header for authentication with the backend web server. The irule is as follows.     when CLIENTSSL_CLIENTCERT {   if { [SSL::cert cou...
application delivery
dev
devops
iRules
unRuleY_95363's avatar
unRuleY_95363
Historic F5 Account
Mar 06, 2006
This may sound a little bizzare, and will eventually be fixed in a future release. The session table actually utilizes the persistence table and as a result, some of the behaviors of the persist table have made there way into how the session table behaves. The issue that is getting you here is what's known as "persist across ...". Since the pool is different, persistence would normally not use the entry unless persist across services or persist across pools is enabled. Obviously, this really isn't appropriate behavior for the session table.

However, you should be able to easily work around it by changing your session lookup like so:
set certfields [session lookup ssl {[SSL::sessionid] any}]

Please let us know if this corrects your problem so we can get it fixed in a future release.

Thanks!