Forum Discussion
dexter90_147975
Nimbostratus
NimbostratusF5 loadbalancer and session timeout in ASP application
Hello,
I have a problem with F5 loadbalancer and session timeout in ASP application. We have F5 in out company for few days Since then, there is a problem with session timeout. ASP app has 30min timeout set but keeps logging of already after few minutes. This phenomenon didn't occur with Windows loadbalancer.
Manuel_60430Hi dexter,
I guess the default Idle timeout on your F5 is 300 seconds for TCP connections. If you want to set a higher value for this, have a look in your tcp profile.
Hope this helps, Manuel
dexter90_147975HTTP is stateless protocol in application layer. Is problem in idle Time TCP? I'm not sure.
Automatic logout occurs in different time interval < session timeout ASP app.
How I can verify this problem on the app server? Maybe Wireshark?
- Manuel_60430
You're right, http is stateless and tcp is stateful.
You said the issues occur since you've changed from a Microsoft product to a F5, so I would search here for the differences. It's not new to me that Microsoft has it's own interpretation of RFCs.
If the problem is reproducible, I would recommend a Wireshark trace on the app server and client and compare them. Maybe you need to do further investigation on the "middle-ware" (like the F5 or Firewall) if the traces don't corelate.
- dexter90_147975
I installed WireShark on the application server's. I observer below situation:
request1 (logging) -> AppServer1 (OK) request2 (search product) -> AppServer1 (OK) request3 (product details) -> AppServer1 (OK)
--------- Delay (more than 180sec)
request4 -> AppServer2 and logout.....
Why request is redirect on AppServer2??
- Manuel_60430
Hi dexter,
I think this is seen as a new request from the F5 and a new load balancing decision is made. This would mean that you might randomly (depending on the load balancing method) fall into this issue.
Are you using any persistence profile? If you use persistence based on client IP addresses this problem shouldn't appear. However, if you have loads of client requests with the same IP (like clients behind a proxy or CDN), then I made good experiences with granting a session cookie.
Let me know if this helps, Manuel
Dowlas_LoboI agree with Manuel,
Along with persistence you can also check the TCP protocol client and server profiles.
you can create a custom TCP profile with "Reset On Timeout" disabled, idle timeout to 1800 and apply on virtual server Protocol Profile (Client) and Protocol Profile (Server)
Dowlas.
- dexter90_147975
I changed idle time for persistence based on client ip on 1800 sec (default 180sec) and is better :).
- Manuel_60430
Awesome! If you need to have more control, you can write an iRule and merge it with a universal persistence profile.
Cheers, Manuel
- dexter90_147975
Is it possible that change persistance on cookie has an impact on the work user? I will change this option on production environment.
Dan_23720I have changed attributes on the cookie persistence profile without affect to users, however it also depends on your app/load. I suggest using cookie persistence profile with a fallback of source persistence. I wouldn't add cookie persistence via irules if you are on certain versions of BigIP as there is an issue. It is described here with a workaround: http://support.f5.com/kb/en-us/solutions/public/11000/600/sol11679.html
- Manuel_60430
There would be an impact, if the client browser does not support cookies. However you can bypass this with a fallback persistence profile (like based on source IP, as Dan mentioned)
Basically I prefer the use of session cookies from my experience.
best regards, Manuel