For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Kevin_Davies_40's avatar
Kevin_Davies_40
Icon for Nacreous rankNacreous
Jun 18, 2014

Ok here is an iRule that may help you. This treats the request and response sides independently. It uses the information in the cookie to add the jsessionid parameter if it does not exist. You may need to change the case of jsessionid to match your application.

when HTTP_REQUEST {
   no replace on  requests
  STREAM::disable
   turn off compressed responses
  HTTP::header remove Accept-Encoding
   add jsession parameter if cookie exists and it does not
  set sid_cookie [HTTP::cookie jsessionid]
  set sid_query [URI::query [HTTP::uri] jsessionid] 
  set query [HTTP::query]
  if {($sid_cookie ne "") and ($sid_query eq "")} {
    if {$query eq ""} {
      HTTP::query [HTTP::query]?jsessionid=[HTTP::cookie jsessionid]
    } else {
      HTTP::query [HTTP::query]&jsessionid=[HTTP::cookie jsessionid]
    }
  }
  unset query sid_query sid_cookie
}
when HTTP_RESPONSE { 
  if {[HTTP::header "Content-Type"] contains text} {
     remove jsession parameter if cookie exists
    set sid_cookie [HTTP::cookie jsessionid]
    if {$sid_cookie ne "" } {
      STREAM::expression "@?jsessionid=$sid_cookie@@@&jessionid=$sid_cookie@@@jsessionid=$sid_cookie&@@"
      STREAM::enable
    }
  unset sid_cookie 
  }
}

Caveats: While this iRule does what you ask there is no guarantee your application will like what it is doing. It will require you test to make sure it does not break things.