Forum Discussion

Cirrus

Jan 25, 2012

Default cookie persistence

Could anyone tell me if the default cookie persistence is matched across services/virtual servers? For example I have one virtual server for HTTP and another for HTTPS. Will the default cookie pers...

config

design

hooleylist

Cirrostratus

Feb 15, 2012

You don't need to enable SNAT to use cookie persistence or OneConnect. If you don't need SNAT, then you can create a custom OneConnect profile with a /32 source mask. Assign that OneConnect profile to both virtual servers. This ensures that serverside connections are only reused for the same client IP.

If you do not enable SNAT and have a /0 source mask OneConnect profile enabled on the VS, TMM can reuse one client's serverside connection for a different client IP. This will cause the server logs to show the wrong source IP and can also lead to app session mixing issues if the app makes assumptions about the client session based on the source IP address.

Is that the information you were looking for? If not, can you clarify?

Thanks, Aaron

Recent Discussions

Under Attack? F5 Will Help You.
Contacting F5 Support?

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

Forum Discussion

Default cookie persistence

Recent Discussions

self-directed requests fail because of no certificate

Decode ObjectSID from Base64-encode string

iRule - Url rewrite and header replace and pool selection not working

ip x-forwarding

F5 ASM API-Protection Policy

Related Content

Persistence Cookie Logging

Manual cookie persistence

Disable cookie persistance in irule

HTTP To HTTPS Cookie Persistence

Cookie Persistence Without The Port

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS