Forum Discussion
Terrence
Jun 15, 2012Nimbostratus
Exchange OWA Enhanced login timeout
So this is my second post on this topic, and I am starting another post, because the earilier post has much information that was no longer relavent.
We are currently in the deployment stages...
jlarosa_44289
Jul 13, 2012Nimbostratus
We are having trouble getting this iRule to work properly. We too are on 11.2 HF1, the only difference is that we are running only a single LTM/APM. We are not using Edge Gateway. All HTTPS services (OA,AS,AD,OWA,EWS, etc.) are combined into a single VS.
First off, this is my version of the iRule:
when ACCESS_ACL_ALLOWED {
set apm_mrhsession [HTTP::cookie value "MRHSession"]
if { [table lookup $apm_mrhsession] == "EXCHANGE_LOGOUT" } {
ACCESS::session remove
table delete $apm_mrhsession
HTTP::redirect "https://[HTTP::host]/vdesk/hangup.php3"
}
unset apm_mrhsession
}
when HTTP_REQUEST {
Reads the custom session variable set when a user has a 2007 homeMDB attribute
set session_Exchange [ACCESS::session data get "session.Exchange"]
set isset 0
set request_uri [HTTP::uri]
User has a 2010 mbx and goes to 2010 OWA CAS Pool
if { [HTTP::uri] contains "UA=0" } {
set mrhsession [HTTP::cookie value "MRHSession"]
set isset 1
}
User has a 2007 mbx and goes to 2007 OWA CAS Pool
if { $session_Exchange equals "2007" && [HTTP::uri] contains "ev.owa"} {
log local0. "2007 User isset to 1"
set mrhsession [HTTP::cookie value "MRHSession"]
set isset 1
}
unset session_Exchange
}
when HTTP_RESPONSE {
if { $isset == 1 } {
if { $mrhsession != "" && [HTTP::status] == 440 } {
table set $mrhsession "EXCHANGE_LOGOUT"
unset mrhsession
unset request_uri
return
}
unset isset
unset mrhsession
}
if { [ info exists request_uri ] } {
unset request_uri
}
}
Without the edits above, OWA would simply hang upon signout. The page would go blank, and just continuously process. We wanted a cleaner experience for our users, so we decided to combine the redirect and ACCESS::session remove into a single function: HTTP::redirect "https://[HTTP::host]/vdesk/hangup.php3". We then had to add the final [info exists request_uri] section because we were getting LTM errors that the variable could not be unset because it did not exist.
This does not appear to be working as it should. We occasionally get these LTM errors: http_process_state_header_xfer - Invalid action EV_SINK_HEADER during ST_HTTP_XFER_HEADERS
Since the APM Session Remove action is bundled with the redirect, if the redirect does not work, the session is never removed. I know I can just add the ACCESS::session remove back, but we have customized APM Logon to fit out branding and would really like to use the Logout page to inform users their session has ended.
Any thoughts?
Recent Discussions
Related Content
DevCentral Quicklinks
* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com
Discover DevCentral Connects