For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Cory_O_150882's avatar
Cory_O_150882
Icon for Nimbostratus rankNimbostratus
Jan 24, 2016

Inactivity Timeout - MultiDomSSO With Persistent MRHSession Cookies

Good morning! I was looking to modify our SharePoint solution published through APM so that in the event of a user utilizing multiple tabs, a logout from one will simply shorten the Inactivity Time...
application delivery
BIG-IP Access Policy Manager (APM)
iRules
Kai_Wilke's avatar
Kai_Wilke
Icon for MVP rankMVP
Jan 24, 2016

Hi Cory,

you may try to implement your own soft slo functionality using the [table] command. The stuff I've in my mind would look something like this...

 

if { [set slo_lifetime [table lifetime -remaining "slo_[ACCESS::session sid]"]] eq "" } then {
    if { [HTTP::uri] ends_with "/_layouts/SignOut.aspx" } {
        table set "slo_[ACCESS::session sid]" "1" indef 1860
    }
} else {
    if { $slo_lifetime < 960 } then {
        ACCESS::session remove
        HTTP::respond 302 Location "/vdesk/hangup.php3"
    }
    table delete "slo_[ACCESS::session sid]"
}

 

When the user visits the logoff page, the snipped would create an additional [table] based soft-log-out timer. The soft log out timer would last slightly longer than your original Inactivity Timeout.

  • If the user decides to revisits the site within the next 900 seconds, it would just refresh your APM session and delete the [table] counter.
  • If the user visits the page after 900 seconds has been elapsed, it would kill the APM session and then redirect the user to the logoff page.

Cheers, Kai