Forum Discussion

mikeshimkus_111's avatar
mikeshimkus_111
Historic F5 Account
Dec 17, 2013

We don't have any way to delete cookies from a client machine using an iRule. We can delete APM sessions using iRules, or even return an expired cookie, but we don't have any criteria to differentiate a session from a closed browser vs one that has just been inactive for a bit. That's why you need a client agent of some sort.

 

If you delete the APM cookie on "onbeforeload", doesn't that leave the cookie in the browser store where it could be used by a different user (this is the way Office apps can use existing sessions to edit documents)?

 

Wanting to remove all cookies from the machine on exit is pretty common in the public computer/kiosk scenario. I'm assuming that's what we're talking about here, correct? You wouldn't have much need for this on a trusted machine.

 

  • Mathieu_125197's avatar
    Mathieu_125197
    Icon for Nimbostratus rankNimbostratus
    Jan 10, 2014
    Hello guys, I have the same issue, i have created the irule to delete the session when the browser it's closed but i have a another issue when close the file ( Word, Excel..) , see below the irule: when SERVER_CLOSED { log local0. "Server Connection Closed to [IP::server_addr]." ACCESS::session remove log local0. "TCP Connection Closed to [IP::client_addr]." } But, when i open/editing the file and when close the file, the irule is invoked but drop the global session and the cookie so after i don't have access to the web site. So, have you any update for this case. Regard's
  • mikeshimkus_111's avatar
    mikeshimkus_111
    Historic F5 Account
    Jan 10, 2014
    SERVER_CLOSED is triggered when the server-side connection is closed. You wouldn't want to do that for exactly the reason you mentioned. Your browser session shouldn't even stay valid since the APM session is killed every time a back-end connection is closed. I'll ask around about a possible RFE for this, but AFAIK it's not easy to do or even possible w/o the Edge client.