Forum Discussion

Nimbostratus

Jun 13, 2007

Cookie Rewrite & ASPSESSIONID Mk. II

Hi - well looks like my previous post got foobar'd somehow. Anyway thanks to willms & hoolio for their valuable input!! I amended willms iRule slightly to: when HTTP_RESPONSE { ...

Cirrostratus

Jul 19, 2007

Some background info on the aspsessionid cookie:

IIS sets a cookie named ASPSESSIONID followed by 20 alpha characters. The 20 characters are dynamically generated based on the process ID of the IIS instance. So as long as the instance is up, the dynamic string will be the same. If the instance is restarted, the PID changes and consequently the dynamic string changes.

So you can persist off of the cookie name as a whole, or just the dynamic part of the string. There are a few advantages to using this method instead of the cookie value:

- the cookie name changes less frequently compared with the cookie value

- you don't have to worry about the client changing the cookie value

- you only have one persistence record per web server--instead of one per client.

Aaron

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

GitHub Awesome-F5

Forum Discussion

Cookie Rewrite & ASPSESSIONID Mk. II

Welcome! a la Communidad DevCentral LATAM de F5!

The New F5 Certified BIG-IP Administrator Certification Exams Now Live

Recent Discussions

Can I use F5 Big-IP WAF as HoneyPot

ssh on slot1 failed f5 viprion

SSH forward proxy

Multiple Default Gateways

ASM Sec-CH-UA-Full-Version-List backquote in Header

Related Content

Rewriting Redirects

Cookie-based DDoS protection

Rewriting iRules...LIVE!

2. SYN Cookie: Operation

1. SYN Cookie: Intro

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS