Forum Discussion
- Yann_Desmarest_Nacreous
Hello,
The sid is the full MRHSession cookie value, not just the last 8 digits (LastMRH_Session).
- brad_11480Nimbostratus
Good information. I'm using it after the session evaluation is complete and the session is underway, and the document does say: "After Access Policy evaluation, the session ID remains static." But the interesting part is that I can use the last 8 digits with anything as the first 24 digits and it is successful -- it doesn't have to match the value of the MRHSession cookie. I am, however, checking a full match with my code as I require it to match all 32 digits.
- Yann_Desmarest_Nacreous
Hi,
You can have a look at this article: https://support.f5.com/csp/article/K15387
They explain that the first 24 hex digits are rotated during policy evaluation for security reasons.
I think that the MRHSession is really important when you are under policy evaluation. Once logged in, LastMRH_Session is the only required cookie.
- brad_11480Nimbostratus
Well, actually it seems that it only looks at the last 8 digits. Seems anything can be used in the first 24 digits: use z or x (doesn't even have to be hex digits). So don't be fooled into thinking the 32-digit string is more secure or has any other significance.
Why they require 32 digits when only 8 are used is strange...
- brad_11480Nimbostratus
I am trying to get session information for another session. When I use the sessiondump command I get 8-digit session numbers, but when I try to use them in an ACCESS::session data get -sid 12345678 it returns an error that the session doesn't exist. From the above example the sid seems to be a much larger value. I'm curious what the sid value should be?
Then, is there a way to obtain the list of active sessions (session IDs)? I would like to roll through all active sessions and report some of the session information.
Thank you.
- Andrea_ArquintNimbostratus
I mean it does work like this:
ACCESS::session data set -sid 12345678901234567234562345 session.logon.last.username ""
- Andrea_ArquintNimbostratus
Yes, just this works: ACCESS::session data set -sid
Not sure you can delete an APM variable, but you can for sure remove its value with the following command:
ACCESS::session data set [-sid ] [-secure] []
where sid is the Session ID and key is the variable name.
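
An added example, not code from this thread or from F5: one way an iRule could enforce the full 32-character match mentioned above, given the report that only the last 8 characters select the session. The variable name session.custom.full_sid is hypothetical, and the example assumes ACCESS::session sid returns the final (static) session ID when ACCESS_POLICY_COMPLETED fires.

```tcl
# Added example. Assumption: session.custom.full_sid is a made-up variable
# name chosen for this sketch; it is not a built-in APM variable.

when ACCESS_POLICY_COMPLETED {
    # Policy evaluation is over, so the session ID no longer rotates.
    # Keep a copy of the full 32-character value inside the session itself.
    ACCESS::session data set session.custom.full_sid [ACCESS::session sid]
}

when HTTP_REQUEST {
    set presented [HTTP::cookie value MRHSession]

    # No cookie yet: nothing to compare, let the access policy handle it.
    if { $presented eq "" } { return }

    # Shape check: exactly 32 hex digits, so a value padded with z or x
    # in the first 24 positions never reaches the session lookup.
    if { ![regexp {^[0-9a-fA-F]{32}$} $presented] } {
        log local0. "Malformed MRHSession from [IP::client_addr]"
        HTTP::respond 403 content "Forbidden"
        return
    }

    # The lookup raises an error when the session does not exist,
    # so catch it and treat that case as "no stored copy".
    set stored ""
    if { [catch { set stored [ACCESS::session data get -sid $presented session.custom.full_sid] }] } {
        set stored ""
    }

    # An empty stored value means the session is unknown or still in
    # policy evaluation (the cookie rotates then), so APM decides.
    # Otherwise all 32 presented characters must equal the stored copy.
    if { $stored ne "" && $stored ne $presented } {
        log local0. "MRHSession prefix mismatch from [IP::client_addr]"
        HTTP::respond 403 content "Forbidden"
        return
    }
}
```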