Forum Discussion
Jonathan_c
Cirrus
CirrusHow to make a WSS request not restart the session timeout
hi,
We have a page that is used to notify the application if the user is in session or not, without interferring with the session timeout itself. This page is accessed by the client automatically every X seconds.
This is the code:
if {$httpPath == "/pagename"} {
if {([HTTP::cookie value MRHSession] != "") && ([ACCESS::session exists -state_allow]) } {
HTTP::respond 200 content Yes SomeHeader Yes
} else {
HTTP::respond 200 content No SomeHeader No
}
ACCESS::disable
return
}
Now the application team start using some asp.net component called SignalR which uses WSS, let's say the path is /signalr.
This path is also accessed automaticaly every X seconds by the client, and thus restarts the session timeout counter and the app never disconnect.
I need to do the same intervention like the code above does, only with this /signalr page.
Problem is that unlike with the current /pagename path, if I add the /signalr path to the IF, it blocks the request from getting to the app server and breaks the app.
Anyone familiar with this component or know why it acts differently?
Thanks
- Nikoolayy1
MVP
Maybe review the F5 APM Maximum Session Timeout option to kill the session after time no matter what:
https://support.f5.com/csp/article/K12300
Also this is a nice link:
https://support.f5.com/csp/article/K61304174
Outside of that you can try to with a per-request policy with subroutine to trigger an irule after time that kills the session with Rule Event action. This sounds like a cool idea.
Also for some automations and API the Per-request policies or API protection profiles are better than the Access profiles:
