Forum Discussion

mahnsc's avatar
mahnsc
Icon for Nimbostratus rankNimbostratus
Apr 14, 2011

JSESSIONID's with null or empty values

Hi everyone. I'm using the jsessionid irules from this post. The only thing I've modified are the inactivity timeout periods (and disabled logging). The rule has worked fine for me in all previou...
application delivery
dev
devops
iRules
hooleylist's avatar
hooleylist
Icon for Cirrostratus rankCirrostratus
Apr 22, 2011
Interesting. Nice work in figuring this out. So the cookie value isn't null, but it's "close" to it üôÇ

Can you try this: 


when HTTP_REQUEST {

    Check if the JSESSIONID cookie is present in the request and has a non-null value
   if { [HTTP::cookie "JSESSIONID"] ne "" }{

       Persist on the JSESSIONID cookie value for X seconds
      persist uie [HTTP::cookie "JSESSIONID"] 2700

   } else {

       Cookie wasn't set or didn't have a value, so check for the session ID in the URI
      set jsess [findstr [HTTP::uri] "JSESSIONID" 11 ";"]
      if { $jsess != "" } {
          Persist on the JSESSIONID URI value for X seconds
         persist uie $jsess 2700
      }
   }
}
when HTTP_RESPONSE {

    Check if the JSESSIONID cookie is present in the response and has a non-null value
   if { [string map {\" ""} [HTTP::cookie "JSESSIONID"]] ne "" }{

       Persist on the JSESSIONID cookie value for X seconds
      persist add uie [HTTP::cookie "JSESSIONID"] 2700
   }
}

I don't have an easy way to test this at the moment, but I think that should work to strip out any actual double quotes from the cookie value in responses before checking it.

Aaron