Mar 27, 2026 - For details about updated CVE-2025-53521 (BIG-IP APM vulnerability), refer to K000156741.

Forum Discussion

cathy_123's avatar
cathy_123
Icon for Cirrostratus rankCirrostratus
Jul 17, 2017

Cookie - Persistence Profile

Hi Guys,   Just a question on Cookie Insert. We have a settings on our VIP to have Cookie insert with a time out of 12 hours. Question would be   What will happen to my session considering tha...
cookie
devops
LTM
persistence
Patrik_Jonsson's avatar
Patrik_Jonsson
Icon for MVP rankMVP
Jul 20, 2017

Hi!

The browser takes care of cookie expiration on the client side when the session ends. At the same time the F5 device would drop the entry from the persistence table.

What you could do is to redirect all users with an iRule that does not have the persistence cookie present? Something like this:

  1. Create a new persistence profile of type cookie and assign a cookie name, ie "persistenceCookie".
  2. Add an iRule that looks something like this:

.

when HTTP_REQUEST {

    If the persistence cookie does not exist and the user is not at the login page, redirect the user to the login page
    if { ![HTTP::cookie exists persistenceCookie] && !([HTTP::uri] starts_with "/login/")}{
        HTTP::respond 302 Location "/login/"
    }

}

You'd need to modify it some of course, but it might do the trick.

/Patrik