Forum Discussion
C_D_18583
Nimbostratus
NimbostratusCookie set by application server
How can I write a rule that can pick up the cookie that is set by the application server and have the ability to reset it.
Essentially the requirement is when a user logins in to the application the first time F5 routes to any node but the applications will set the cookie and that cookie will be persisted by F5.
However , if that node should go down we would like F5 to clear that cookie and go back to reselect another node and then the application will set another cookie.
The rules partially works ( clears the local cookie ( myCookie ) when the node is down ) but the APP_SESSION_COOKIE is not reset hence it continues to persisting to a node that is marked down:
Please advise
when RULE_INIT {
set ::myPool default_pool
set ::myPort 80
set ::myCookie APP_SESSION_COOKIE
}
when HTTP_REQUEST {
set myServer [findclass [substr [HTTP::cookie $::myCookie] 0 2] $::ip_list " "]
log local0. "The Cookie identifier is: [substr [HTTP::cookie $::myCookie] 0 2]"
if { $myServer ne "" } {
if { [LB::status pool $::myPool member $myServer $::myPort] ne "down" } {
pool $::myPool member $myServer $::myPort
log local0. "Server picked is: $myServer $::myPort"
}
else {
HTTP::cookie remove "$::myCookie"
pool $::myPool
log local0. "Selected server [IP::server_addr] is down, reloadbalancing."
}
}
else {
pool $::myPool
log local0. "No valid cookie/server pairing found, load balancing request to any server in $::myPool."
}
}
hoolioCirrostratus
Can you enable logging and then post the log output when the rule doesn't work? If you're able to log the HTTP request and response headers, that would help too.
Aaron
Nicolas_MenantEmployee
I guess the issue here is that you remove the cookie in the request but it is not cleared from the client's browser
you'll need to force the cookie to expire in a response- Nicolas_Menantyou can use something like that:
When you see its node is down, you redirect the user to the same page but you insert in the response a cookie which will force the expiration of the cookieset cookie_expire "$::myCookie=;expires=-1" HTTP::respond 302 Location "http://[HTTP::host][HTTP::uri]" "Set-Cookie" $cookie_expire 
C_D_18583Thanks for the response , I did try the above statement but it gave me the same error . Here are some logs:
When the server connected if up :
Apr 24 10:59:51 tmm tmm[730]: Rule client_identity_test : Server picked is: 192.168.156.108 8081
Apr 24 10:59:52 harp bigd: 01060111:3: Open SSL error - error:140770FC:SSL routines:func(119):reason(252).
Apr 24 10:59:53 tmm tmm[730]: Rule client_identity_test : The Cookie identifier is: 02
Apr 24 10:59:53 tmm tmm[730]: Rule client_identity_test : The member status is:up
Apr 24 10:59:53 tmm tmm[730]: Rule client_identity_test : The IF Statement
Apr 24 10:59:53 tmm tmm[730]: Rule client_identity_test : Server picked is: 192.168.156.108 8081
Apr 24 10:59:53 tmm tmm[730]: Rule client_identity_test : The Cookie identifier is: 02
Apr 24 10:59:53 tmm tmm[730]: Rule client_identity_test : The member status is:up
Apr 24 10:59:53 tmm tmm[730]: Rule client_identity_test : The IF Statement
When the Server goes down:
Apr 24 11:02:20 harp bigd: 01060111:3: Open SSL error - error:140770FC:SSL routines:func(119):reason(252).
Apr 24 11:02:21 tmm tmm[730]: Rule client_identity_test : The Cookie identifier is: 02
Apr 24 11:02:21 tmm tmm[730]: Rule client_identity_test : The member status is:down
Apr 24 11:02:21 tmm tmm[730]: Rule client_identity_test : The ELSE Statement
Apr 24 11:02:21 tmm tmm[730]: Rule client_identity_test : The Cookie identifier is:
Apr 24 11:02:21 tmm tmm[730]: 01220001:3: TCL error: Rule client_identity_test - Error: No serverside connection established (line 18) invoked from within "IP::server_addr"
Apr 24 11:02:22 harp bigd: 01060111:3: Open SSL error - error:140770FC:SSL routines:func(119):reason(252).
Apr 24 11:02:25 harp bigd: 01060111:3: Open SSL error - error:140770FC:SSL routines:func(119):reason(252).- C_D_18583I tried the following command but I could not get the browser cookie to reset
set cookie_expire "$::myCookie=;expires=-1" HTTP::respond 302 Location "http://[HTTP::host][HTTP::uri]" "Set-Cookie" $cookie_expire - hoolioWhat do you see in the Set-Cookie header on the client when the 302 response is sent?
Maybe use 1/1/1970 instead of -1? Here's an example that worked for me previously. I set the cookie value to the string "null", to test. I suppose it shouldn't matter though.
HTTP::respond 302 Location http://$::host$::default_redirect_path Set-Cookie "${::session_cookie_name}=null\;Expires=Thurs, 01-Jan-1970 00:00:00 GMT"
Also, the TCL error you have listed above is because you were referencing IP::server_addr when a server side connection hadn't been established. If the log statement using IP::server_addr was in an event where the server side connection should normally be there, you can try to log it without causing the TCL error using catch (Click here).if {[catch {IP::server_addr}] server_ip}{ There was an error running IP::server_addr, so don't try to log the value log local0. "No serverside connection" } else { No error. There was a serverside connection, so the value is saved in $server_IP log local0. "\$server_ip: $server_ip" }
Lastly, the bigd SSL routines error being logged is probably from a misconfigured HTTPS monitor, or an HTTPS monitor polling a non-HTTPS server.
Aaron - C_D_18583Thanks for all you help. I resolved the problem. Actually the irule was working fine except for the log statement was causing some errors as you mentioned above. I removed the log statement.
The main problem was one of our application servers was setting the cookie with a different name. There was a trailing blank in the cookie name. - Nice to know the iRule was working. Thanks much for letting us know how this one turned out!
Colin
