16 Replies

  • Not sure you can delete an APM variable, but you can for sure remove its value with the following command:

    ACCESS::session data set [-sid <sid>] [-secure] <key> [<value>]

    where sid is the Session ID and key is the variable name.

  • I mean it does work like this

    ACCESS::session data set -sid 12345678901234567234562345 session.logon.last.username ""

  • I am trying to get session information for another session. When I use the sessiondump command I get 8 digit session numbers, but when I try to use them in an ACCESS::session data get -sid 12345678 it returns an error that the session doesn't exist. From the above example the sid seems to be a much larger value. I'm curious what the sid value should be?

     

    Then, is there a way to obtain the list of active sessions -- sessionid's as I would like to roll through all active sessions and report some of the session information.

     

    thank you.

     

  • Hello,

     

    The sid is the full MRHSession cookie value, not just the last 8 digits (LastMRH_Session).

     


    • brad_11480

      Well, actually it seems that it only looks at the last 8 digits. It seems anything can be used in the first 24 digits... use z or x (doesn't even have to be hex digits). So don't be fooled into thinking the 32 digit string is more secure or has any other significance...

       

      Why they require 32 digits when only 8 are used is strange...

       

    • Yann_Desmarest

      Hi,

       

      You can have a look at this article: https://support.f5.com/csp/article/K15387

       

      They explain that the first 24 HEX digits are rotated during policy evaluation for security reasons.

       

      I think that the MRHSession is really important when you are under policy evaluation. Once logged in, Last_MRHSession is the only required cookie.

       

    • brad_11480

      Good information. I'm using it after the session evaluation is complete and the session is underway, and the document does say: "After Access Policy evaluation, the session ID remains static." But the interesting part is that I can use the last 8 digits with anything as the first 24 digits and it is successful -- it doesn't have to match the value of the MRHSession cookie. I am, however, checking a full match with my code as I require it to match all 32 digits.
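
One way to enforce the full 32-digit match described in the comment above, as an added iRule example that is not code from the thread or from F5. It assumes the session ID to look up arrives in a hypothetical `X-Lookup-Sid` request header and that `session.user.sessionid` holds the full 32-digit ID.

```tcl
when HTTP_REQUEST {
    # Assumption: the session ID to inspect arrives in a hypothetical
    # X-Lookup-Sid request header; substitute your own source.
    set sid [string tolower [HTTP::header value "X-Lookup-Sid"]]

    # Require exactly 32 hex digits before touching the session store,
    # so padding such as "z" or "x" in the first 24 positions is refused.
    if { [string length $sid] != 32 || ![string is xdigit -strict $sid] } {
        HTTP::respond 400 content "malformed session id"
        return
    }

    # Assumption: session.user.sessionid stores the full 32-digit ID.
    # catch covers the "session doesn't exist" error mentioned in the thread.
    set stored ""
    if { [catch { set stored [ACCESS::session data get -sid $sid session.user.sessionid] }] } {
        set stored ""
    }

    # Compare all 32 digits, not only the last 8 that located the session.
    if { $stored eq "" || [string tolower $stored] ne $sid } {
        log local0. "sid lookup rejected: full session id mismatch"
        HTTP::respond 403 content "unknown session"
        return
    }

    # Only now read other variables from the target session.
    set user [ACCESS::session data get -sid $sid session.logon.last.username]
    log local0. "session [string range $sid end-7 end] user=$user"
}
```

Only the last 8 digits are written to the log, so the full session ID does not end up in log files.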

       
