For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Andrea_Knapp_28's avatar
Andrea_Knapp_28
Icon for Nimbostratus rankNimbostratus
Mar 12, 2008

Session intermixing issue - due to Cookie not being sent every call?

we are currently having issues with our v9.3 implementation when we go into production we have session intermixing issues with users who are behind a proxy. Tech Support has stated that there is a di...
application delivery
dev
devops
iRules
hoolio's avatar
hoolio
Icon for Cirrostratus rankCirrostratus
Mar 12, 2008
I suppose anything is possible. This poster (Click here) found their issue was fixed by setting the cookie on every response.

Here is a cleaned up version which saves the cookie in the request and inserts it if the response doesn't already contain a persistence cookie. I didn't test it, but it looks right.

Can you give this a shot?

Aaron


when HTTP_REQUEST {
    Determine the persistence cookie name.  
    This assumes it hasn't been customized in the persistence profile.
    If it has been customized, just hardcode the name here instead.
   set persist_cookie_name BIGipServer[LB::server pool]
    Save persistence cookie value if it exists in the request
   if {[HTTP::cookie exists $persist_cookie_name]} {
       If the persistence cookie is present in the request, save the value
      set old_cookie_value [HTTP::cookie value BIGipServer$pool_name]
   }
}
when HTTP_RESPONSE {
    If the response doesn't already have a persistence cookie and the request did, insert the value from the request
   if {not ([HTTP::cookie exists $persist_cookie_name]) and [info exists old_cookie_value]}{
      HTTP::cookie insert name $persist_cookie_name value $old_cookie_value
   }
}