Forum Discussion
NimbostratusLegacy app, doesn't reuse existing session
Hi... long time reader, first time poster.
Background
- We act as a reverse proxy. Clients are on the Internet, resources are internal.
- The resource is legacy and overall pretty horrible. The company that owns it rhymes with _historical_. It is comprised of multiple discrete servers with inter-dependence, but they all act on their own. There is no single unified interface or API.
- Each back-end resource has its own virtual server with the same policy tied it.
- Multi-domain authentication is configured for these resources within the policy.
When performing a certain function within the application, browser debugging shows that the existing session is not being reused. A fresh connection is being attempted on one of the back-end resources. As expected, there is a 302 handed back pointing the new session to a login page.
My Thoughts...
Since we are acting as a reverse proxy and facilitating dual-factor authentication, we can't simply exclude the affected VIP from policy. It doesn't seem that a persistent cookie would help this either (though I am open to trying this, and haven't yet tried it). However, if I could determine whether or not an active session with a policy result of 'allow' exists from the same source IP on another related VIP, I could get away with an iRule that bypasses policy. I'm at a loss for where to start on this. I figure an iRule is the way to go, but I have not been able to find many examples for this type of scenario. I'm also open to reconsidering the overall design; however, it works well for every other function (even Java applets!) except for a file upload feature.
