Forum Discussion

pjcampbell_7243's avatar
Jan 25, 2012

Default cookie persistence

Could anyone tell me if the default cookie persistence is matched across services/virtual servers? For example I have one virtual server for HTTP and another for HTTPS. Will the default cookie persistence keep users on the same server?




These both go to the same pool port 80 since we are using client SSL.



Developers are reporting they are losing session data. From what I understand we should end up on the same server here.






3 Replies

  • Hi Patrick,



    If the two virtual servers both use the same pool cookie insert persistence should work fine. If this isn't working, I'd make sure you have a OneConnect profile enabled on both virtual servers. If you're using serverside source address translation, you can use the default OneConnect profile with a /0 source mask. Else if you're not using SNAT then create a custom /32 source mask OneConnect profile.





    You can use this iRule to debug cookie persistence:




  • Thanks. It did not have oneconnect or snat automap enabled. I have no problem using those, although I am not sure that I understand why they are needed.



    What source IP would the requests originate from if we don't have automap enabled? I know when I have automap they come from the self IP on that subnet.



    Thanks always for your help!
  • You don't need to enable SNAT to use cookie persistence or OneConnect. If you don't need SNAT, then you can create a custom OneConnect profile with a /32 source mask. Assign that OneConnect profile to both virtual servers. This ensures that serverside connections are only reused for the same client IP.



    If you do not enable SNAT and have a /0 source mask OneConnect profile enabled on the VS, TMM can reuse one client's serverside connection for a different client IP. This will cause the server logs to show the wrong source IP and can also lead to app session mixing issues if the app makes assumptions about the client session based on the source IP address.



    Is that the information you were looking for? If not, can you clarify?



    Thanks, Aaron