For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Wynand_van_Nisp's avatar
Wynand_van_Nisp
Icon for Nimbostratus rankNimbostratus
Jun 02, 2008

Session persistance in browser tabs

Hi,     We have a client that has a Java banking app. The issue is as soon as you open multiple tabs the sessions get mixed up since the application uses cookies to maintain its session sta...
application delivery
dev
devops
iRules
hoolio's avatar
hoolio
Icon for Cirrostratus rankCirrostratus
Jun 02, 2008
Is this an accurate summary of the scenario?

 

 

Without the BIG-IP, a client opens one tab and accesses the application. The app creates a session and sends a session cookie in the response. The client sends further requests in the initial tab and the application works as expected based on the single session. The user then manually opens a new tab and accesses the same application. At this point the client doesn't send the original session cookie. The application attempts to prompt the user to start a new session.

 

 

Up until now is this all expected, working behavior? Now the client goes back to the first tab and they get the second tab's session details?

 

 

Is the above an accurate summary of the issue? I'd expect the cookies to be shared across tabs in both IE and Firefox, so I'm not sure if the above scenario is possible. Also, where does Java come into play?

 

 

Can you use Fiddler for IE or LiveHttpHeaders for Firefox along with the Java debug console to track exactly what the client sends and receives when a failure occurs? Once you get an accurate understanding of the failure without the BIG-IP you can consider whether it's possible to fix it with an iRule or other configuration on the BIG-IP.

 

 

Aaron