Forum Discussion
session cookie persistence question
Thanks for all your help on this forum. As a newbie I really appreciate all the help. I have another question regarding session cookies. I'm load balancing OWA using a session cookie for persistence. Pretty basic... Sometimes when I log into the OWA front end page and click login, It kicks me back to the login screen. I started doing some digging and it seems the times it has done it, I didn't see the session cookie in my browser. I'm wondering if there is something going on with my browser on my machine, or is it possible the F5 LTM would have a sporadic issue like that. These are new 6900's running 10.2.0 1755,
I would think, it would work or not work. Just wondering if anyone has seen something like this before. Could it be on of the back end servers causing it also. I'm not sure..
Jayson
6 Replies
Hi Jayson,
Are you using a cookie insert persistence profile with the expire time set to 0 (session)? If so, the client should send the cookie on each request as long as the browser is kept open. One common issue with layer 7 based persistence is that you need to apply a OneConnect profile to the virtual server. This ensures that LTM will make a load balancing/persistence decision on each HTTP request. If you're using serverside source address translation (SNAT), you can use the default OneConnect profile with a /0 source mask. If you're not using SNAT, then create a custom OneConnect profile with the source mask set to /32. See this wiki page for details:
https://devcentral.f5.com/wiki/default.aspx/AdvDesignConfig/oneconnect.html
If you're already using OneConnect or adding a OneConnect profile to the virtual server doesn't fix the issue, can you try reproducing the issue with a browser plugin like Fiddler2 or HttpWatch to see what the client is sending? You can also use an iRule to log debug messages on the persistence and load balancing decisions:
https://devcentral.f5.com/wiki/default.aspx/iRules/Persistence_Cookie_Logger.html
Aaron
- Hi Hoolio,
- Thanks again for the input. I guess I didn't answer the question thoroughly last time. I'm using a standard oneconnect profile with an http compression profile with oneconnect enabled. The cookie persistence is a default insert with a session cookie. That seems to be the easiest way to persist on the 2 CAS servers i'm load balancing for OWA. I've tested this an it appears to work well. One thing to mention, there is a proxy on the edge terminating the user's https connection from the internet. The proxy is then making a call to the VIP Like I stated, I haven't really seen any issues. When I was testing the other night, I was trying to break it. IE having multiple browser sessions open, deleting temp files open new ones etc. I think it's ok from what I'm seeing. It's been live for 2 weeks now and our helpdesk hasn't seen any calls other than the standard "how to" type stuff.
- I posted this a while back but am seeing some random issues again with browsers. It could very well be the Server admins have made some changes, but want to make sure that i'm not missing anything and my side is rock solid. I'm by no means a web expert and have more experience with Networking in general. I have 2 CAS servers being load balanced by a pair of LTMS. I followed the deployment guide when setting up the LTMS for OWA and active synch. The only difference is, i'm not doing SSL offloading. Our security team wants it encrypted all the way to the server, so I'm using a SSL client and SSL server profile with a certificate. I'm also using a Default Wan Optimized, Default Lan Optimized profile. The only difference here is the deployment guide states to disable nagle's algorithm.. which I did. With that said , I'm also using a default HTTP optimized compression default profile, with the included list of compression found in the deployment guide. This list consists of doc, xls, visio etc. Finally i'm using a default one connect profile and cookie session persistence. I think i've set it up to the best of my ability.. This is one armed and I'm using snat automap. It's pretty basic and not complicated which is how we like to keep things :-)
- Hi Jayson,
- Hi everyone, I'm having the same issue (back to login screen randomly). Any progress on this? Best regards, Milan
Recent Discussions
Related Content
* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com