paulfish
Sep 02, 2015

Internet Explorer Credentials Cache on APM _ Session Timeout

Hi,

I got this from support and thought it might be useful to post in here as they are saying it is a common problem on IE.

When IE authenticates using either NTLM or Kerberos it caches the authentication. Even when the Kerberos ticket expires (10 hours default of AD) it still keeps the credentials. If the APM session times out, when it throws a 401 to challenge the client, it thinks it is still authenticated and decides the Kerberos or NTLM has failed and puts up an auth box.

More info here:

https://devcentral.f5.com/questions/access_session_closed-commands

My issue is that the code sent will put the browser at the / of the web server.

Is there a way to read the initial URI from the client, issue the

void(document.execCommand('ClearAuthenticationCache'));

and then send the client to the URI it was requesting in the first instance?

Thanks


when ACCESS_SESSION_STARTED { 
 if { [HTTP::header "Authorization"] ne "" } {
   set vContent {
   
  
  
  
  
 
  
   }
   ACCESS::respond 200 content $vContent
   ACCESS::session remove
   unset vContent
 }
}
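
The page the question describes (clear IE's cached credentials, then return the browser to the URI it first asked for), as an added example that is not part of the original post and not F5 code. `safeRedirectTarget`, `jsLiteral` and `buildClearCachePage` are hypothetical helper names, and handing the request URI from the iRule to the page generator is assumed; the URI is limited to a same-origin path and escaped because it is client-controlled.

```javascript
// Added example: helper names are hypothetical, not F5 or DevCentral code.

// Accept only a same-origin absolute path such as "/app/page?id=1".
// Anything else falls back to "/" so the response cannot act as an open redirect.
function safeRedirectTarget(uri) {
  if (typeof uri !== "string" || uri.length === 0 || uri.length > 2048) return "/";
  if (uri[0] !== "/") return "/";                // rejects "https://...", "javascript:..."
  if (uri[1] === "/") return "/";                // rejects protocol-relative "//host"
  if (/[\x00-\x1f\x7f\\]/.test(uri)) return "/"; // control characters and backslashes
  return uri;
}

// Encode a string as a JavaScript literal that cannot close an inline <script>.
function jsLiteral(s) {
  return JSON.stringify(s)
    .replace(/</g, "\\u003c")
    .replace(/>/g, "\\u003e")
    .replace(/&/g, "\\u0026")
    .replace(/\u2028/g, "\\u2028")
    .replace(/\u2029/g, "\\u2029");
}

// Build the HTML body to return in place of the bare 401 challenge.
function buildClearCachePage(requestedUri) {
  const target = jsLiteral(safeRedirectTarget(requestedUri));
  return [
    "<html><head><script>",
    // IE-specific command; other browsers ignore or reject it, hence the try/catch.
    "try { document.execCommand('ClearAuthenticationCache'); } catch (e) {}",
    // replace() keeps this interstitial page out of the back-button history.
    "window.location.replace(" + target + ");",
    "</script></head><body></body></html>",
  ].join("\n");
}
```
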