Forum Discussion
f5 sharepoint tenacious session issue
Good evening!
We are experiencing a security issue with our f5 sharepoint deployment. I have used the iapp f5.microsoft_sharepoint_2010, Software Version is BIG-IP 11.4.1 Build 608.0 Final
The problem is that once a browser session is established, it will continue even though the browser is closed and even if the client is rebooted. When I call up the url of the sharepoint it will connect me without asking for authentication.
How can I achieve that upon closing the browser the session becomes invalid?
Thanks for advice! Alex
- mikeshimkus_111Historic F5 Account
Hi,
The iApp should have configured a logout URI of "/_layouts/SignOut.aspx" in the APM access profile. 5 seconds after you click logout, the APM session should be killed. If the browser is closed without clicking logout, the session should be killed after 15 minutes. Are these not working for you?
thanks
Mike
- Yes, these are working fine. The problem is that we can't count on the end users to click "sign out" every time. They could just close the browser and that leaves a 15 min of a security breach.
- Alexander_01_13Nimbostratus
Hi Mike,
the logout button is not the problem. When the user hits logout, the session terminates. BTW I had to implement an iRule to achieve this:
# Send SharePoint sign-out requests to the APM logout page
when HTTP_REQUEST {
    if { [HTTP::uri] contains "/_layouts/SignOut.aspx" } {
        HTTP::redirect "https://[HTTP::host]/vdesk/hangup.php3"
    }
}
By which setting can I control the 15 minutes timeout you mention?
Regards, Alexander
- mikeshimkus_111Historic F5 Account
The f5.microsoft_sharepoint_2010 iApp should configure the logout URI automatically for you. No iRule is necessary. Did the template not do that? The session inactivity timeout is set under the Access Profile properties tab.
- Alexander_01_13Nimbostratus
For SharePoint 2013 I changed the iRule:
# Send SharePoint 2013 sign-out requests (desktop and mobile) to the APM logout page
when HTTP_REQUEST {
    if { [HTTP::uri] contains "/_layouts/15/SignOut.aspx" || [HTTP::uri] contains "/_layouts/15/mobile/authn_signout.aspx" } {
        HTTP::redirect "https://[HTTP::host]/vdesk/hangup.php3"
    }
}
The logout URI is set, but it will work only if the user hits logout on the root page.
- Alexander_01_13Nimbostratus
Maybe I used an older version of the template...
Is there no way to force the browser to delete the session upon exit apart from inactivity timeout?
Lotus iNotes would kill a session upon browser exit...
- mikeshimkus_111Historic F5 Account
APM needs some kind of browser-based event to trigger the deletion. If the browser is closed manually, there's no way to kill the session other than waiting.
- Carlos_13563Cirrus
AP, Configurations, Logout URI include /_layouts/SignOut.aspx Add logout URI TimeOut 5 sec
- Alexander_01_13Nimbostratus
Resuming, I can limit the overall duration of a session and I can set an inactivity timeout.
Is there no way to set some kind of cookie option that tells the browser to delete the cookie on exit or on next startup?
We have purchased the big ip to enhance access security and now it seems to leave an open hole ...
Any ideas?
Regards, Alexander
- Alexander_01_13Nimbostratus
I think I have found it. In access policy > SSO/Auth Domain the cookie persistent option was activated. After deactivating the option the sharepoint session terminated upon browser exit.
Who could imagine that the option "cookie persistent" had to do anything with the persistence of the cookie! |-)
I will do some more testing, but right now the issue seems to be resolved.
Thanks to all Alex
- mikeshimkus_111Historic F5 Account
Alex, that is correct. However, the persistent APM cookie is required if you are going to be opening or editing documents in Office applications. The cookie must be persistent so that it can be made available to those apps.
If you are only opening Office docs in Office Web Apps, you should be OK.
Mike
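An added example, not part of the original posts and not F5 code: a check for the behaviour discussed above, classifying each Set-Cookie header in a response as a session cookie (no Expires or Max-Age, so the browser discards it on exit) or a persistent one. The response headers are constructed samples, and the cookie name MRHSession is an assumption.

```python
from datetime import datetime, timezone
from email.utils import parsedate_to_datetime

# Constructed response headers, not captured from a real BIG-IP.
# "MRHSession" as the APM session cookie name is an assumption here.
PERSISTENT_ON = (
    "HTTP/1.1 302 Found\r\n"
    "Set-Cookie: MRHSession=0123abcd; expires=Wed, 01 Jan 2031 00:00:00 GMT; path=/; secure\r\n"
)
PERSISTENT_OFF = (
    "HTTP/1.1 302 Found\r\n"
    "Set-Cookie: MRHSession=0123abcd; path=/; secure; HttpOnly\r\n"
)

def cookie_lifetimes(raw_headers, now=None):
    """Map each Set-Cookie name to its lifetime and security flags."""
    now = now or datetime.now(timezone.utc)
    report = {}
    for line in raw_headers.splitlines():
        field, sep, value = line.partition(":")
        if not sep or field.strip().lower() != "set-cookie":
            continue
        pair, *attr_parts = [p.strip() for p in value.split(";")]
        attrs = {}
        for part in attr_parts:
            key, _, val = part.partition("=")
            attrs[key.strip().lower()] = val.strip()
        lifetime = "session"  # no Expires/Max-Age: kept only until the browser exits
        try:
            if "max-age" in attrs:  # Max-Age overrides Expires (RFC 6265)
                lifetime = "persistent" if int(attrs["max-age"]) > 0 else "expired"
            elif "expires" in attrs:
                exp = parsedate_to_datetime(attrs["expires"])
                if exp.tzinfo is None:
                    exp = exp.replace(tzinfo=timezone.utc)
                lifetime = "persistent" if exp > now else "expired"
        except (ValueError, TypeError):
            lifetime = "session"  # an unparseable attribute is ignored
        report[pair.partition("=")[0]] = {
            "lifetime": lifetime,
            "secure": "secure" in attrs,
            "httponly": "httponly" in attrs,
        }
    return report

if __name__ == "__main__":
    for label, raw in (("on", PERSISTENT_ON), ("off", PERSISTENT_OFF)):
        print(label, cookie_lifetimes(raw))
```

Feeding it the headers of a real login response, before and after toggling the persistent cookie option, shows whether the session cookie will survive a browser restart.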
- Alexander_01_13Nimbostratus
Hi Mike,
thank you for the hint. I have activated the persistent cookie option again, because editing the documents directly online is a key feature of sharepoint.
We will have to go for OWAS, I think.
Regards, Alexander
- Matthew_Dale_11Nimbostratus
I have this same issue and have a call open with F5 about it. They've now submitted an RFE for me so maybe if you request the same we might get some momentum?
For us the F5 is replacing ISA on a customer network and through the ISA all functionality works correctly and if you close the browser this kills the session correctly.
Deciding between leaving the session available for 15 minutes in an Internet cafe or not being able to edit documents in native applications just isn't an option. Neither is reducing the 15 minutes idle period since this will again frustrate users who may be compiling a document to upload into the system.
I've considered an iRule to detect browser close to then delete the user session from F5 but then you have to identify whether a user has multiple tabs open etc so you don't bin them out until the last one closes..
- Matthew_Dale_11Nimbostratus
Regarding the sign-out this isn't included in the 11.3 HF8 template I don't believe.
I also don't think this works properly, can you test yours?
If I logout from the main page it works fine but if I logout from the "My Content" area and close the browser the session doesn't get killed. My theory on this is that the logout URI is different..
https://sharepointsite.com/personal/USERNAME/_layouts/SignOut.aspx
So maybe this doesn't fit with the root /