For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Zero_86762's avatar
Zero_86762
Icon for Nimbostratus rankNimbostratus
Jan 22, 2013

Help with iRule - APM Logout Sequence + Redirect

  Environment = SAP Netweaver (LTM/APM)   Logout URI configured iRule redirects users to hangup.php3 but does not remove session cookies. This allows users the capability to access the s...
application delivery
dev
devops
iRules
Zero_86762's avatar
Zero_86762
Icon for Nimbostratus rankNimbostratus
Jan 23, 2013

I tried to encrypt the cookie thinking this would be a good work around. And it does allow the user to log off and even if they have the cookie it is now encrypted.

 

The problem is without removing the cookies, if the user tries to log back in gets load balanced to another server, the session is invalid. He never gets the new cookie (when they login) because he already has it.

 

Doh, I thought i had a good solution, but back to the drawing board...