For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Josh_Hill_17083's avatar
Josh_Hill_17083
Icon for Nimbostratus rankNimbostratus
Apr 19, 2010

JSESSION ID Login Issue

Hi,

 

 

I am attempting to integrate LTM with a web application that uses a cookie based jsessionid somehow during the login process that the F5 is not handling.

 

 

To explain, when I browse to the site through the F5, with cookies turned off in my browser, I can see a jsessionid parameter in the address field, and can log in.

 

 

When I switch cookies back on in my browser, I no longer see the jsessionid in the address field, but when I attempt to login to the application, the browser is redirected back to the login page.

 

 

When I try the same process while browsing directly through to the node, the login works with or without cookies enabled.

 

 

There is only one node so I dont believe it is a persistence issue. Any help would be greatly appreciated.

 

 

Cheers

 

Josh
application delivery
dev
devops
iRules

1 Reply

  • hoolio's avatar
    hoolio
    Icon for Cirrostratus rankCirrostratus
    Apr 19, 2010
    Hi Josh,

     

     

    It would help to identify what's different when you're testing through LTM compared with direct to the application. Are you offloading SSL on LTM and using cleartext to the pool member? Are the VIP and pool member defined on different ports?

     

     

    You can use a browser plugin like HttpFox for Firefox or Fiddler for IE to record the HTTP requests and responses when it's failing through LTM. If the issue is not readily apparent you can compare the failure scenario with the working logs taken on tests direct to the application.

     

     

    Aaron