JSESSIONID's with null or empty values

mod_proxy doesn't appear to be a contributing factor here. The updates to the rule seemed to have done the trick.

Someone pointed out that I'd missed the "add" in persist add in HTTP_RESPONSE. I've edited the post above to show that.

 

 

Aaron

I guess I spoke too soon. Apparently, unbeknownst to me, when i was testing and things were working, the developers had shut down one of the app servers. When both app servers are running, I get a Tcl error - Illegal Value when the jsessionid is blank. I'm running a fairly old version of the OS, 9.4.7. Are there any known issues with tcl and empty values that I could be running into? I get this using the newly updated rule above.

Hi Chris,

 

 

I had a couple of typo's in the iRule that I updated on the 16th. Can you try that version and retest?

 

 

Thanks, Aaron

Hi Aaron. Yeah, I modified the rule with the above updates and still generate a Tcl error:

TCL error: jsessionid_persist_v2_rule  - Illegal value (line 1)     invoked from within "persist add uie [HTTP::cookie "JSESSIONID"] 2700" 

I then added a simple logging statement to see what the value of the JSessionID was in the HTTP Response, so the HTTP_RESPONSE portion of the rule looks like this:

 when HTTP_RESPONSE {

    Check if the JSESSIONID cookie is present in the response and has a non-null value
   if { [HTTP::cookie "JSESSIONID"] ne "" }{
      log local0. "JSessionID in Response:  [HTTP::cookie "JSESSIONID"]"
       Persist on the JSESSIONID cookie value for X seconds
      persist add uie [HTTP::cookie "JSESSIONID"] 2700
   }
}

This logged the jsessionid in the response on successes, giving me entries like the following:

 timestamp: Rule jsessionid_persist_v2_rule : JSessionID in Response: 0C854B89214B1BBE792C37EED980226B.app1
timestamp: Rule jsessionid_persist_v2_rule : JSessionID in Response: CF1D39BD092A170227817B907D6E6128.app2

But in my responses where the jsessionid was supposed to be empty, I was still getting the Tcl error like above. So, then for no particular reason, I added an else clause to persist none like so:

when HTTP_RESPONSE {

    Check if the JSESSIONID cookie is present in the response and has a non-null value
   if { [HTTP::cookie "JSESSIONID"] ne "" }{
      log local0. "JSessionID in Response: [HTTP::cookie "JSESSIONID"]"
       Persist on the JSESSIONID cookie value for X seconds
      persist add uie [HTTP::cookie "JSESSIONID"] 2700
   } else {
       persist none
       }
}

Although this did not help with my problem, the one thing it did do was log the value of the jsessionid in the response before logging the Tcl error:

timestamp: Rule jsessionid_persist_v2_rule : JSessionID in Response: "" 

In my log where I'm simply logging the jsessionid, I'm logging the literal jsessionid, which is to be expected, without any surrounding quotes. In the log entry directly above where I'm supposedly logging an empty jsessionid, I think that Tcl on the ltm is literally setting the JSessionID to two double quotes: "", which might explain why my ' If JSessionID is not equal to "" ' does not appear to be working on empty jsessionid values.

Can you log the Set-Cookie header value when the app is trying to null the JSESSIONID cookie?

 

 

log local0. "Set-Cookie: [HTTP::header values Set-Cookie]"

 

 

Thanks, Aaron

Here's what I have:

Timestamp: Rule jsessionid_persist_v2_rule : JSessionID in Response: ""

Timestamp: Rule jsessionid_persist_v2_rule : Set-Cookie: {JSESSIONID=""; Domain=host.domain.com; Expires=Thu, 01-Jan-1970 00} 00 {10 GMT; Path=/; Secure}

Timestamp: 01220001:3: TCL error: jsessionid_persist_v2_rule  - Illegal value (line 1)     invoked from within "persist add uie [HTTP::cookie "JSESSIONID"] 2700" 

This is what is logged when there is a JSessionID:

 Timestamp: Rule jsessionid_persist_v2_rule : JSessionID in Response: 894DD0233388FD39E0D93B15B525D446.app1

Timestamp: Rule jsessionid_persist_v2_rule : Set-Cookie: {JSESSIONID=894DD0233388FD39E0D93B15B525D446.app1; Path=/app; Secure} 

So, I think I might be right. A jsessionid set to two double-quotes seems to be getting set here.

Interesting. Nice work in figuring this out. So the cookie value isn't null, but it's "close" to it üôÇ

Can you try this:

when HTTP_REQUEST {

    Check if the JSESSIONID cookie is present in the request and has a non-null value
   if { [HTTP::cookie "JSESSIONID"] ne "" }{

       Persist on the JSESSIONID cookie value for X seconds
      persist uie [HTTP::cookie "JSESSIONID"] 2700

   } else {

       Cookie wasn't set or didn't have a value, so check for the session ID in the URI
      set jsess [findstr [HTTP::uri] "JSESSIONID" 11 ";"]
      if { $jsess != "" } {
          Persist on the JSESSIONID URI value for X seconds
         persist uie $jsess 2700
      }
   }
}
when HTTP_RESPONSE {

    Check if the JSESSIONID cookie is present in the response and has a non-null value
   if { [string map {\" ""} [HTTP::cookie "JSESSIONID"]] ne "" }{

       Persist on the JSESSIONID cookie value for X seconds
      persist add uie [HTTP::cookie "JSESSIONID"] 2700
   }
}

I don't have an easy way to test this at the moment, but I think that should work to strip out any actual double quotes from the cookie value in responses before checking it.

Aaron

Or another option would be for the app to actually set the cookie value to nothing. That's probably the better fix for this.

 

 

Aaron

This updated rule works for me thanks! I agree with you though. Fixing the app seems to be a much better idea.