For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Steven_Ruby_872's avatar
Steven_Ruby_872
Icon for Nimbostratus rankNimbostratus
Jan 17, 2006

more fun with jsessionid persistence

so it seems that some people in development, have decided that we shouldnt make cookies a requirement in our webapp. That means if a clients browser doesnt allow cookies the COOKIE persistence wont wo...
application delivery
dev
devops
iRules
Deb_Allen_18's avatar
Deb_Allen_18
Historic F5 Account
Jun 23, 2006

 

Tough question... You could try it both ways under load with rule timing enabled to determine the most efficient approach.

 

 

If you delete the persistence entry for a cookie-enabled client, that would reduce the size of the persistence table, reducing memory footprint & CPU cycles to parse through it, but I'm not sure if that's a likely bottleneck.

 

 

If you were to delete the persistence entry for any request w/a cookie, you'd have to search for it in the persistence table on each such request, which would increase the CPU cycles required for rule processing, perhaps offsetting the advantage gained above.

 

 

Aside from that, I'd say using uie persistence with a defined timeout for both is more deterministic, since the timeout is managed locally, and also seems be more administratively efficient. With cookies w/expiry, client clock variations may skew the cookie timeout, and if you resort to session cookies instead, you would have different session management behaviour for the 2 sets of clients.

 

 

HTH

 

/deb