Forum Discussion

Kevin_Stewart's avatar
Kevin_Stewart
Icon for Employee rankEmployee
Nov 09, 2013

There's actually a few places you can set an access policy variable.

  • The HTTP_REQUEST event - while this is certainly one place you can set an access session variable, you have to be careful when you set it. As you found out, you had to wait for the client to request /my.policy because there's no access session token prior to this request.

  • The ACCESS_SESSION_STARTED event - this event fires, as the name implies, at the beginning of the session, and unlike the HTTP_REQUEST event, is guaranteed to be inside the access session.

  • A standard variable assignment agent in the visual policy.

  • The ACCESS_POLICY_AGENT_EVENT - assuming you have an iRule event agent in the visual policy BEFORE the agent that needs to do the evaluation, this is a great way to drop into an iRule during policy evaluation to do something crafty, and then proceed. If you have multiple iRule event agents in the visual policy, make sure they all have different ID values, and then you can evaluate the ACCESS::policy agent_id value in this event to fire different code at different points in the visual policy from within the same event. Example:

    when ACCESS_POLICY_AGENT_EVENT {    
    switch [ACCESS::policy agent_id] {        
        "TAG_ID_1" {            
             do something here                
            ACCESS::session data set session.custom.foo "bar"                
        }            
        "TAG_ID_2" {            
             do something here                 
            if { [ACCESS::session data get session.custom.foo] equals "bar" } {
                ACCESS::session data set session.custom.hello "world"           
            }                
        }            
    }
}