Forum Discussion
fredlubrano
Cirrus
CirrusCustom APM Logon page Access policy evaluation is already in progress for your current session
Hello,
I am trying to solve a problem as I am blocked by the following message,
When I click on the link '<p>Please register <a href='/register.php'>here</a> if you don't have an account yet.</p>'.":
'Access policy evaluation is already in progress for your current session.'
I have tried several solutions, but to no avail. I am considering implementing this solution: https://community.f5.com/t5/technical-forum/big-ip-16-0-apm-logon-page-and-href-links/m-p/236761. Does anyone have a suggestion?
Thank you, Fred.
define(["require", "exports", "tslib", "module", "apmui/page/logon/View"], function (require, exports, tslib_1, module, View_1) {
"use strict";
Object.defineProperty(exports, "__esModule", { value: true });
requirejs.config({
map: {
'apmui/master/View': {
'apmui/page/logon/View': module.id,
},
},
});
/* Replacement View component */
var CustomLogonView = /** @class */ (function (_super) {
tslib_1.__extends(CustomLogonView, _super);
function CustomLogonView() {
return _super !== null && _super.apply(this, arguments) || this;
}
CustomLogonView.prototype.componentDidMount = function () {
_super.prototype.componentDidMount.call(this);
var content = document.getElementsByClassName('apmui-content')[0];
var message = document.createElement('div');
message.style.cssText = 'max-width: 400px; width: 100%; padding-top: 20px;';
message.id = "message";
message.innerHTML = '<p>Please register <a href=\'/register.php\'>here</a> if you don\'t have an account yet.</p>';
content.appendChild(message);
};
return CustomLogonView;
}(View_1.default));
exports.default = CustomLogonView;
});
Hello, I think I need to take a vacation đ It's just a small irule and a landing URI issue. Fred.
when HTTP_REQUEST { # Log de dĂ©but log local0. "DĂ©but de traitement de la requĂȘte : [HTTP::uri] avec le referer : [HTTP::header "Referer"]" # VĂ©rifiez si l'URI et le referer correspondent Ă vos critĂšres if { [HTTP::uri] equals "/register.php" and [HTTP::header "Referer"] equals "https://ilove.mama.net/my.policy" } { # VĂ©rifiez la valeur de la variable de session F5 APM set policyResult [ACCESS::session data get "session.policy.result"] log local0. "session.policy.result = $policyResult" # Si la variable de session n'est pas 'allow', supprimez les cookies if {$policyResult ne "allow"} { log local0. "La condition de session APM est remplie. Suppression des cookies." # Supprimez les cookies MRHSession et LastMRH_Session HTTP::cookie remove "MRHSession" HTTP::cookie remove "LastMRH_Session" } else { log local0. "La condition de session APM n'est pas remplie. Les cookies ne sont pas supprimĂ©s." } } # Log de fin log local0. "Fin de traitement de la requĂȘte : [HTTP::uri]" }
- Lucas_Thompson
Employee
That error happens in this situation:
- A user visits an APM-protected URL
- APM creates a session and sent the session cookie in a 302 redirect to "/my.policy"
The session is now in "pending" state and is waiting for POSTs to /my.policy to continue moving through the policy - The user's browser SHOULD send a GET to /my.policy with the session cookie, but instead it sends the APM session cookie in a GET, but not to "/my.policy"
- APM responds with this error
To work around this problem, let the browser follow the my.policy redirect and complete the access policy *before* visiting any other URLs.
fredlubranoHello Thomas,
first of all, thank you for your prompt response. I am in scenario number 2: my session is in 'pending' status, and I've tried using this iRule, but it results in a 'too many redirects' error. Do you have any suggestions for resolving this issue?
Thanks,
fredhen HTTP_REQUEST { if { [HTTP::uri] equals "/register.php" } { set landingURI [ACCESS::session data get "session.server.landinguri"] set policyResult [ACCESS::session data get "session.policy.result"] log local0. "VĂ©rification de l'URI de la requĂȘte : URI=[HTTP::uri], Landing URI=$landingURI, Policy Result=$policyResult" if { $landingURI equals "/" and $policyResult equals "not_started" and not [HTTP::cookie exists "MRHSession"] } { # Supprimez le cookie MRHSession et redirigez HTTP::cookie remove "MRHSession" HTTP::redirect "/register.php" log local0. "Redirection effectuĂ©e Ă cause des conditions remplies : Suppression de cookie MRHSession et redirection vers /register.php" } } }- fredlubrano
Hello, I think I need to take a vacation đ It's just a small irule and a landing URI issue. Fred.
when HTTP_REQUEST { # Log de dĂ©but log local0. "DĂ©but de traitement de la requĂȘte : [HTTP::uri] avec le referer : [HTTP::header "Referer"]" # VĂ©rifiez si l'URI et le referer correspondent Ă vos critĂšres if { [HTTP::uri] equals "/register.php" and [HTTP::header "Referer"] equals "https://ilove.mama.net/my.policy" } { # VĂ©rifiez la valeur de la variable de session F5 APM set policyResult [ACCESS::session data get "session.policy.result"] log local0. "session.policy.result = $policyResult" # Si la variable de session n'est pas 'allow', supprimez les cookies if {$policyResult ne "allow"} { log local0. "La condition de session APM est remplie. Suppression des cookies." # Supprimez les cookies MRHSession et LastMRH_Session HTTP::cookie remove "MRHSession" HTTP::cookie remove "LastMRH_Session" } else { log local0. "La condition de session APM n'est pas remplie. Les cookies ne sont pas supprimĂ©s." } } # Log de fin log local0. "Fin de traitement de la requĂȘte : [HTTP::uri]" }- Lucas_Thompson
OK great! Sounds like you got it worked out.
This is another situation where APM's weird "Landing URI" type session setup and handling is different than a normal web app.
