Kevin_Davies_40
Sep 19, 2017

Multiple Cookies/Sessions same endpoint

I have a rather unique issue. To access a backend service they come into the VS on a special URL, e.g. /sendto?mydept=24&myplace=23. I then issue them with an encrypted cookie, let's call it "dst" for example, using a redirect which sends them to the home page "/" on the same VS. The same iRule detects the cookie, decodes it and sends them off to their destination. This works perfectly. However, when we get to multiple sessions from the same user to different backend destinations, that's when we run into problems.

I changed the name of the cookie so I can support multiple cookies, but in a way the iRule can tell which of the cookies it needs to use. I appended the SSL session ID to the cookie name and this works as intended. The only problem I am having is multiple connections from the client to the VS keep reusing the same SSL session ID, which is per design from an SSL point of view. I need a way to roll over the session ID for new incoming sessions, e.g. ones that hit the starting URL.

Now you have a picture of what I am trying to do, given the limitations of SSL do you think it's possible? If so, how would you trigger a new SSL session ID and would the clientside cope with multiple SSL session IDs to the same destination?

  • Solved.

    Session cookies are automatically bound to the site from which they came. I can have 10 cookies of the same name each from a different site and the browser will present the right cookie depending on the site I am going to access. To solve my problem above I will use different site names for each session from the same user.

    mysite.virtualserver.com A X.X.X.X
    mysite1 CNAME mysite
    mysite2 CNAME mysite
    mysite3 CNAME mysite
    mysite4 CNAME mysite
    mysite5 CNAME mysite
    

    Where X.X.X.X is the address of the virtual server handling 100 web management interfaces behind it using the iRule outlined above to route traffic. The above supports 6 concurrent sessions from the same end user.
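Why the per-hostname approach in the post above works, and the case where it stops working, shown as an added example (not part of the original thread): a minimal model of RFC 6265 cookie storage. The `Jar` class, the `demo` function and the cookie values are constructed for illustration; path matching and public-suffix checks are left out.

```python
# Added example: minimal model of RFC 6265 cookie storage and matching.
# Hostnames follow the DNS records in the thread; cookie values are constructed.

def domain_match(host, domain):
    """RFC 6265 domain-match: identical, or host is a subdomain of domain."""
    return host == domain or host.endswith("." + domain)

class Jar:
    def __init__(self):
        # A stored cookie is identified by (name, domain, path).
        self.store = {}

    def set_cookie(self, request_host, name, value, domain=None, path="/"):
        host = request_host.lower()
        if domain is None:
            # No Domain attribute: host-only cookie, keyed on the exact host.
            key_domain, host_only = host, True
        else:
            key_domain, host_only = domain.lower().lstrip("."), False
            if not domain_match(host, key_domain):
                return  # a host may not set a cookie for a foreign domain
        # Same (name, domain, path) replaces the earlier cookie.
        self.store[(name, key_domain, path)] = (value, host_only)

    def cookies_for(self, request_host):
        host = request_host.lower()
        sent = {}
        for (name, dom, _path), (value, host_only) in self.store.items():
            ok = (host == dom) if host_only else domain_match(host, dom)
            if ok:
                sent[name] = value
        return sent

HOSTS = [f"mysite{i}.virtualserver.com" for i in (1, 2, 3)]

def demo(domain_attr):
    """Each alias sets a 'dst' cookie; return what each alias gets back."""
    jar = Jar()
    for i, host in enumerate(HOSTS, start=1):
        jar.set_cookie(host, "dst", f"enc-backend-{i}", domain=domain_attr)
    return {host: jar.cookies_for(host).get("dst") for host in HOSTS}

if __name__ == "__main__":
    print("host-only:", demo(None))                 # one cookie per alias
    print("Domain set:", demo("virtualserver.com"))  # last write wins everywhere
```

The separation holds only while the Set-Cookie header carries no Domain attribute; once a parent domain is set, every alias shares one `dst` cookie and all sessions route to the last backend chosen.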

  • Hi,

    What is the goal and the expected behavior (with examples instead of long sentences)?

    If it is done with an iRule, can you share it?

  • Sure.

    Session 1 -> 302 redirect -> with cookie -> backend webmanagement console
    Session 2 -> 302 redirect -> with cookie -> backend webmanagement console
    Session 3 -> 302 redirect -> with cookie -> backend webmanagement console
    Session 4 -> 302 redirect -> with cookie -> backend webmanagement console

    Same client, multiple sessions to different backend webmanagement consoles.

  • Cannot share iRule but here is pseudo code.

     

    --- pseudo code ---
    if /backendselection lookup destination address
      encrypt destination address
      create headers to set cookie with encrypted address
      respond with 302 redirect and headers
      exit irule.
    
    if cookie not found
      reject connection
    
    if decrypt fails
      reject connection
    
    get ip address from decrypted cookie
    send connection to backend address
    --- end pseudo code ---
  • Hmmmm... how about if I have multiple server names which resolve to the same destination? That may be enough of a discriminator. E.g. mysite1/2/3/4/5.dns.name -> same virtual server IP address. That way I can align the cookie name with the FQDN, for example "dst-mysite1", so the iRule can determine which cookie it should be decoding from the incoming host header of the session.
