For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Wynand_van_Nisp's avatar
Wynand_van_Nisp
Icon for Nimbostratus rankNimbostratus
Jun 02, 2008

Session persistance in browser tabs

Hi,     We have a client that has a Java banking app. The issue is as soon as you open multiple tabs the sessions get mixed up since the application uses cookies to maintain its session sta...
application delivery
dev
devops
iRules
spark_86682's avatar
spark_86682
Historic F5 Account
Jun 27, 2008
hoolio is correct; the browser will only keep one cookie for the site and present it no matter which tab is used to access the site.

 

 

There is one clever way around this, and that is to make the browser think that the two tabs have different sites. You could use iRules to add a fake random prefix to the hostname and strip it off before it sends the requests to the real servers. That would require a wildcard cert if you're doing SSL. Of course, it may not be OK for your users to see, for example, a hostname of h3852934510182.yoursite.com in their browser, in which case this wouldn't work.