Forum Discussion

sundogbrew's avatar
sundogbrew
Icon for Altocumulus rankAltocumulus
May 02, 2013

Cookie timeout

So here is the long and short of it. I am trying to set a cookie with timeout so that I can migrate users off a machine for patching. Seems like this would be a simple function? I am not fiding it to be?

 

I have 2 F5s one runs 10.2 and the other runs 11.2

 

on the system that runs 10.2 I have a cookie setup that is just a cookie insert with 4 hour timeout. The way this works is everytime you go to the page that 4 hours resets. So it is 4 hours from the last time you were on the site even if you just sit there and hit the refresh on your browser.

 

On the sytem that runs 11.2 I am trying to get that very functionality but when I go to the page my cookie says it expires in 4 hours so 19:00 if I refresh in an hour it still says 19:00 not 20:00 which is what I would expect and what I get on the above. So you only get 4 hours from the first time you went to the site.

 

I have no idea why? One other question, if you select disabled (only persistant or active connections allowed) does that override the cookie timeout and force it to timeout?

 

Thanks as always

 

Joe

 

management
monitoring

4 Replies

  • hoolio's avatar
    hoolio
    Icon for Cirrostratus rankCirrostratus
    May 02, 2013
    Hi Joe,

     

     

    There's an open bug on this:

     

    Bug 397337 - BIG-IP should send cookie always in response especially if cookie expiration is in play

     

     

    The workaround is to set 'always send cookie' on any cookie persistence profile that has a time expiration.

     

     

    Aaron
  • sundogbrew's avatar
    sundogbrew
    Icon for Altocumulus rankAltocumulus
    May 03, 2013
    Thanks Hoolio,

     

    I tried the always send cookie option and it still doesn't work unless I leave the site and comeback but for a refresh it doesn't work.

     

    Is there any info on this bug? I can't seem to find anything? I opened a ticket with F5 to get some documentation and see if going to a newer version would fix it or if there is a hotfix for it but haven't yet heard anything back.

     

    Thanks

     

    Joe
  • nitass's avatar
    nitass
    Icon for Employee rankEmployee
    May 04, 2013
    Is there any info on this bug? I can't seem to find anything? I opened a ticket with F5 to get some documentation and see if going to a newer version would fix it or if there is a hotfix for it

    ID397337 is not fixed yet.

     

     

    I tried the always send cookie option and it still doesn't work unless I leave the site and comeback but for a refresh it doesn't work.

    always-send seems working fine on my 11.3.0.

     

  • nitass's avatar
    nitass
    Icon for Employee rankEmployee
    May 04, 2013
     v10.2.4

[root@ve10:Active] config  b version|grep -iA 1 version
BIG-IP Version 10.2.4 655.0
Hotfix HF4 Edition

[root@ve10:Active] config  b virtual bar list
virtual bar {
   snat automap
   pool foo
   destination 172.28.19.252:80
   ip protocol 6
   persist mycookie
   profiles {
      http {}
      tcp {}
   }
}
[root@ve10:Active] config  b profile mycookie list
profile persist mycookie {
   mode cookie
   cookie expiration 0:10:00
}

[root@ve10:Active] config  curl -I http://172.28.19.252
HTTP/1.1 200 OK
Date: Sat, 04 May 2013 06:49:05 GMT
Server: Apache/2.2.3 (CentOS)
Last-Modified: Sat, 27 Oct 2012 03:22:35 GMT
ETag: "4183f3-59-f28f94c0"
Accept-Ranges: bytes
Content-Length: 89
Content-Type: text/html; charset=UTF-8
Set-Cookie: BIGipServerfoo=1707657416.20480.0000; expires=Sat, 04-May-2013 06:48:23 GMT; path=/

[root@ve10:Active] config  curl -I http://172.28.19.252 -H "Cookie: BIGipServerfoo=1707657416.20480.0000; expires=Sat, 04-May-2013 06:48:23 GMT; path=/"
HTTP/1.1 200 OK
Date: Sat, 04 May 2013 06:49:15 GMT
Server: Apache/2.2.3 (CentOS)
Last-Modified: Sat, 27 Oct 2012 03:22:35 GMT
ETag: "4183f3-59-f28f94c0"
Accept-Ranges: bytes
Content-Length: 89
Content-Type: text/html; charset=UTF-8
Set-Cookie: BIGipServerfoo=1707657416.20480.0000; expires=Sat, 04-May-2013 06:48:33 GMT; path=/

 v11.3.0

root@(ve11a)(cfg-sync Changes Pending)(Active)(/Common)(tmos) show sys version|grep -A 5 Main\ Package
Main Package
  Product  BIG-IP
  Version  11.3.0
  Build    3022.0
  Edition  Hotfix HF3
  Date     Fri Feb 22 00:00:34 PST 2013

root@(ve11a)(cfg-sync Changes Pending)(Active)(/Common)(tmos) list ltm virtual bar
ltm virtual bar {
    destination 172.28.20.16:80
    ip-protocol tcp
    mask 255.255.255.255
    persist {
        mycookie {
            default yes
        }
    }
    pool foo
    profiles {
        http { }
        tcp { }
    }
    source 0.0.0.0/0
    source-address-translation {
        type automap
    }
    vlans-disabled
}
root@(ve11a)(cfg-sync Changes Pending)(Active)(/Common)(tmos) list ltm persistence cookie mycookie
ltm persistence cookie mycookie {
    always-send disabled
    app-service none
    expiration 10:0
}

[root@ve11a:Active:Changes Pending] config  curl -I http://172.28.20.16
HTTP/1.1 200 OK
Date: Sat, 04 May 2013 06:51:23 GMT
Server: Apache/2.2.3 (CentOS)
Last-Modified: Sat, 27 Oct 2012 03:22:35 GMT
ETag: "4183f3-59-f28f94c0"
Accept-Ranges: bytes
Content-Length: 89
Content-Type: text/html; charset=UTF-8
Set-Cookie: BIGipServerfoo=1707657416.20480.0000; expires=Sat, 04-May-2013 06:44:06 GMT; path=/

[root@ve11a:Active:Changes Pending] config  curl -I http://172.28.20.16 -H "Cookie: BIGipServerfoo=1707657416.20480.0000; expires=Sat, 04-May-2013 06:44:06 GMT; path=/"
HTTP/1.1 200 OK
Date: Sat, 04 May 2013 06:51:31 GMT
Server: Apache/2.2.3 (CentOS)
Last-Modified: Sat, 27 Oct 2012 03:22:35 GMT
ETag: "4183f3-59-f28f94c0"
Accept-Ranges: bytes
Content-Length: 89
Content-Type: text/html; charset=UTF-8

root@(ve11a)(cfg-sync Changes Pending)(Active)(/Common)(tmos) modify ltm persistence cookie mycookie always-send enabled
root@(ve11a)(cfg-sync Changes Pending)(Active)(/Common)(tmos) list ltm persistence cookie mycookie
ltm persistence cookie mycookie {
    always-send enabled
    app-service none
    expiration 10:0
}

[root@ve11a:Active:Changes Pending] config  curl -I http://172.28.20.16
HTTP/1.1 200 OK
Date: Sat, 04 May 2013 06:52:00 GMT
Server: Apache/2.2.3 (CentOS)
Last-Modified: Sat, 27 Oct 2012 03:22:35 GMT
ETag: "4183f3-59-f28f94c0"
Accept-Ranges: bytes
Content-Length: 89
Content-Type: text/html; charset=UTF-8
Set-Cookie: BIGipServerfoo=1707657416.20480.0000; expires=Sat, 04-May-2013 06:44:43 GMT; path=/

[root@ve11a:Active:Changes Pending] config  curl -I http://172.28.20.16 -H "Cookie: BIGipServerfoo=1707657416.20480.0000; expires=Sat, 04-May-2013 06:44:43 GMT; path=/"
HTTP/1.1 200 OK
Date: Sat, 04 May 2013 06:52:08 GMT
Server: Apache/2.2.3 (CentOS)
Last-Modified: Sat, 27 Oct 2012 03:22:35 GMT
ETag: "4183f3-59-f28f94c0"
Accept-Ranges: bytes
Content-Length: 89
Content-Type: text/html; charset=UTF-8
Set-Cookie: BIGipServerfoo=1707657416.20480.0000; expires=Sat, 04-May-2013 06:44:51 GMT; path=/