Forum Discussion
iRule for HTTP::cookie creation works once on the first login. Any login after that no cookie is created
I was able to get this fixed with the help of a colleague. No matter what we tried in the response it always worked for the first person but no one after. We took the when HTTP_RESPONSE out completely and added a when ACCESS_POLICY_COMPLETES.
when ACCESS_POLICY_COMPLETED {
if { [ACCESS::session data get session.custom.suppressmfa.setauthtable] == 1 }{
set sessionauth [ACCESS::session data get session.custom.suppressmfa.setauthtable]
if {$static::AMIADEV_Cookie_debug } {log local0. "AMIA set auth table is $sessionauth"}
table set tab_amia:[IP::client_addr] Authed $static::suppress_mfa(seconds)
set taba [table lookup tab_amia:[IP::client_addr]]
if {$static::AMIADEV_Cookie_debug } {log local0. "$taba"}
HTTP::cookie insert name $static::suppress_mfa(cookie) value $static::suppress_mfa(value) path "/"
if {$static::AMIADEV_Cookie_debug } {log local0. "cookie $static::suppress_mfa(cookie) set for $static::suppress_mfa(seconds)"}
HTTP::cookie expires $static::suppress_mfa(cookie) $static::suppress_mfa(seconds) relative
if {$static::AMIADEV_Cookie_debug } {log local0. "cookie expires in $static::suppress_mfa(seconds)"}
HTTP::cookie secure $static::suppress_mfa(cookie) enable
HTTP::cookie httponly $static::suppress_mfa(cookie) enable
HTTP::cookie encrypt $static::suppress_mfa(cookie) $static::suppress_mfa(passphrase)
ACCESS::respond 302 noserver "Location" [ACCESS::session data get session.policy.result.start_uri] "Cache-Control" "no-cache, must-revalidate" Set-Cookie "$static::suppress_mfa(cookie)=[HTTP::cookie $static::suppress_mfa(cookie)];path=/;secure;httponly;Max-age=$static::suppress_mfa(seconds)"
if {$static::AMIADEV_Cookie_debug } {log local0. "policy completed"}
foreach aHeader [HTTP::header names] {
if {$static::AMIADEV_Cookie_debug } {log local0. "$aHeader: [HTTP::header value $aHeader]"}}
unset sessionauth
unset taba
}
}
- Nikoolayy1Apr 01, 2021MVP
So the HTTP_RESPONSE event didn't match for the users after the first user?
If so this is strange and this as you mentioned did work for older versions. Maybe a bug or change in how the F5 processes packets in the newer versions.
What found is that HTTP_RESPONSE is not triggered for locally generated F5 response and as this is APM, maybe this can be case:
Recent Discussions
Related Content
* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com