Forum Discussion

Stanislas_Piron's avatar
Icon for Nimbostratus rankNimbostratus
May 18, 2016

LTM+APM session expired detection



When deploying APM in SSL VPN mode, a javascript is inserted to webtop and ressources responses to poll /vdesk/timeoutagent-i.php, detect session timeout and redirect to logout URI /vdesk/hangup.php3?hangup_error=1


When deploying in LTM+APM mode, the user is not redirected to logout URI and this may generate strange behavior when user try to request again the server:


In Outlook Web App and Sharepoint, the application seems unresponsive and the message "Access policy evaluation is already in progress" appears when trying to refresh the page.


I was trying to insert javascript code in HTTP_RESPONSE to create the same behavior of SSL VPN mode unsuccessfully.


    when HTTP_REQUEST {

        Disable the stream filter for all requests

        LTM does not uncompress response content, so if the server has compression enabled
        and it cannot be disabled on the server, we can prevent the server from 
        sending a compressed response by removing the compression offerings from the client
       HTTP::header remove "Accept-Encoding"
    when HTTP_RESPONSE {
        if {([HTTP::header Content-Type] starts_with "text/")} {
            STREAM::expression "@@@"
         Once we've hit one match, disable the stream filter for the rest of the response
        log local0. "APM Timeout javascript : script inserted"

Is there another solution? Does anyone tried to do the same successfully?


3 Replies

  • Hello Stanislas,


    I think I understand your problem/unexpected behaviour. First what do you do with OWA or Sharepoint is Web Access Management and not VPNSSL (You confirm). Because VPNSSL (Webtop) manage correctly timeout for all your ressources.


    You have to now 1 thing when you obtain the error that you've Evoked: "Access policy evaluation is already in progress"


    It means that an access process is already underway. for example if you try to access a service protected by APM Module (Access Policy) by the following url:


    And you don't finalize access policy. Then for example you open a new tab and you enter another URI


    You will obtaine the following error message: "Access policy evaluation is already in progress" Because you try to access to an application with another landing uri without finished the privious attempt.


    So that you obtain for OWA and Sharepoint is normal in my opinion (I already had the case). I'll explain what's going on:


    • Your user is connected correctly to Sharepoint through F5 (with access policy).


    • the session timeout is reached. And this apm session is finished.


    • the problem is that the user is not aware of this because the timeout is reached.


    • So user the user will want to continue to use the application (sharepoint) normally. but when it will click on a link on his browser in rear plan it is redirected on: (if you do a capture you can see it)


    Today several application are developed with bootstrap, angularjs, ajax, json... (not html/txt) and the redirection can't opere for the entire page... and we get this kind of problem.


    I hoped I was clear enough. If you have question don't hesitate, it's very important that you understant this comportment...


    For this kind of problem I developed an irule that manage session. If you are interesting keep me update.




  • Hi,

    To force browser to detect session closed, I wrote the following irule:

    when RULE_INIT {
        set static::jscript {}
         Disable the stream filter by default 
        if { [catch {STREAM::disable}] } {log local0. "Streem disable error"}
        set insertJscript 0 
        HTTP::header remove "Accept-Encoding"
        set authenticated 1
    when HTTP_RESPONSE { 
        if {[info exists authenticated] && ([HTTP::status] == 200) && ([HTTP::header value Content-Type] contains "text")} { 
            set insertJscript 1
            STREAM::expression "@@$static::jscript@"
        if {[HTTP::header exists "Transfer-Encoding"]} {
            HTTP::payload rechunk
         Once we've hit one match, disable the stream filter for the rest of the response
        if { $insertJscript} {
            log local0. "Session Closed detection : Javascript inserted"

    I imported the following javascript file in Hosted content (named detect_session_close.js):

    function detectSessionClosed()
        var rq = new XMLHttpRequest();"GET","/vdesk/timeoutagent-i.php",false);
        if (rq.status === 404) {
    setInterval( detectSessionClosed, 30000);

    It request timeoutagent-i.php every 30 seconds (without extending the APM session) and redirect to logout page if the session is closed.

  • Hello Stanislas_Piro2 ,

    The hosted content is only available for webtop and the webtop is not available in LTM+APM mode as far as I understood.
    So, what would be the best way to inject the JavaScript in LTM+APM mode?
    Thanks for sharings