Forum Discussion

Cirrus

Jan 02, 2023

How to make a WSS request not restart the session timeout

hi, We have a page that is used to notify the application if the user is in session or not, without interferring with the session timeout itself. This page is accessed by the client automatically ev...

application delivery

asp.net

BIG-IP Access Policy Manager (APM)

MVP

Jan 07, 2023

Maybe review the F5 APM Maximum Session Timeout option to kill the session after time no matter what:

https://support.f5.com/csp/article/K12300

Also this is a nice link:

https://support.f5.com/csp/article/K61304174

Outside of that you can try to with a per-request policy with subroutine to trigger an irule after time that kills the session with Rule Event action. This sounds like a cool idea.

https://techdocs.f5.com/kb/en-us/products/big-ip_apm/manuals/product/apm-authentication-sso-13-0-0/20.html

Also for some automations and API the Per-request policies or API protection profiles are better than the Access profiles:

https://www.google.com/search?q=f5+apm+api+protection&sxsrf=AJOqlzX3PfRfb0S0J8Knf3oe2flFibrf3A:1673110250661&source=lnms&tbm=vid&sa=X&ved=2ahUKEwjUiaSx9bX8AhXJS_EDHRHiD6cQ_AUoA3oECAEQBQ&biw=1920&bih=955&dpr=1#fpstate=ive&vld=cid:78fd8c6b,vid:-2ndGH9Dp1Q