For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Julian_Grunnell's avatar
Julian_Grunnell
Icon for Nimbostratus rankNimbostratus
Jun 12, 2007

Cookie Rewrite & ASPSESSIONID

Hi - got a problem with session persistence and am wondering if an iRule can help? The scenario is:     10 x (customer) IIS web servers that make use of ASPSESSIONID's.     A pair of LTM's...
application delivery
dev
devops
iRules
Julian_Grunnell's avatar
Julian_Grunnell
Icon for Nimbostratus rankNimbostratus
Jun 12, 2007
Hi - yes I believe these are session based to ensure that once a user logs into this website not only can we direct them back to the same server but the ASPSESSIONID refers to a specific user on that server if that makes sense. As we don't admin the web servers at all, just the LTM's I don't have a great deal of knowledge on this area. We have been told that an ASPSESSIONID from server "A" is useless on server "B".

 

 

We tried cookie insert which meant no web server changes and got the exact same results, from my understanding cookie rewrite just intercepts a blank cookie from the web server and rewrites / adds the relevant persistence info, thus removing some of the work from the LTM.

 

 

So I can see why the ASPSESSIONID is needed, but also see why the BIGipCookie is needed, just that the LTM doesn't appear to like both at the same time.

 

 

I've used livehttpheaders and can see this happening.

 

 

Thanks - J.