Forum Discussion
how to delete apm session variable from another session
hello,
the sid is the full MRHSession cookie value not just the last 8 digits (LastMRH_Session)
- brad_11480Jun 06, 2017Nimbostratus
well, actually it seems that it only looks at the last 8 digits. seems anything can be used in the first 24 digits.. use z or x (doesn't even have to be hex digits). So don't be fooled thinking the 32 digit string is more secure or has any other significance.....
why they require 32 digits when only 8 are used is strange...
- Yann_DesmarestJun 13, 2017Cirrus
Hi,
You can have a look at this article : https://support.f5.com/csp/article/K15387
They explain that the first 24 HEX digits is rotated during policy evaluation for security reasons.
I think that the MRHSession is really important when you are under policy evaluation. Once logged in, Last_MRHSession is the only required cookie.
- brad_11480Jun 19, 2017Nimbostratus
Good information. I'm using it after the session evaluation is complete and the session is underway, and the document does say: "After Access Policy evaluation, the session ID remains static.". But the interesting part is that I can use the last 8 digits anything as the first 24 digits and it is successful-- it doesn't have to match the value of the MRHSession cookie. I am, however, checking a full match with my code as I require it to match all 32 digits.
Recent Discussions
Related Content
* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com