Forum Discussion

samdlee_305622's avatar
samdlee_305622
Icon for Nimbostratus rankNimbostratus
May 07, 2019

Complex session management

Hi,

 

Assume that my company provides many login methods with different authentication level and user goes to https://www.mycompany.com/apm-enabled-auth1-url, the APM evaluations is started and one external login page with username and password is being displayed on frontend. On the GUI, user can also easily to switch a higher authentication level login method with two factors, i.e by clicking link https://www.mycompany.com/apm-enabled-auth2-url, which is associated with another AAA server on BigIP.

 

Since there is already an existing, started, but unfinished APM session on BigIP, the newly incoming http request for another APM enabled url, https://www.mycompany.com/apm-enabled-auth2-url will trigger some strange BigIP internal access_notfound.php3. Can someone shed the light on what is the right way to handle these situations, reusing the started APM session for the second url or remove the existing and start a new APM session? if a new APM session has to be created, is there a way to migrate some session attributes from the previous APM session to the new APM session for the second url?

 

thanks a log in advance!

 

  • Not sure if it helps, but you could try switching your access policy scopes to "virtual" instead of "global", then the session (and the according cookies) should only be valid for the virtual you are currently on.

     

    Cheers,

     

    Rene