Forum Discussion

Altostratus

Apr 28, 2015

Is there any way, in an iRule, to see if an APM session exists using the regular SID format?

Hi. Does anyone know any way to look up an APM session based on session ID? When I say session ID, I am talking about the session ID format found throughout the product's GUI, report pages, etc (and ...

application delivery

BIG-IP Access Policy Manager (APM)

Cirrostratus

Apr 30, 2015

@Kunjan: Thanks, but no, that won't help, because in my scenario the MRHSession cookie is deleted. I only have the "LastMRH_Session" cookie, which has the shorter 8 character number.

@John: I believe the 8 characters are unique though, because again, they use them literally everywhere inside the product, such as in all the reports, in the "Manage Sessions" screen, etc. Those eight characters are even on every single web request as the "LastMRH_Session" cookie. Yes, the F5 seems to salt it when putting it in the MHRSession cookie to prevent an attacker from forging a request, but it only does that for HTTP requests. Internally in the system it seems to be the unsalted eight characters everywhere, and I'd just like to find a way to look it up using that widespread format.

Any other ideas?

Help guide the future of your DevCentral Community!

What tools do you use to collaborate? (1min - anonymous)