Forum Discussion

Lee_Sutcliffe's avatar
Jul 16, 2012

Session persistence - reading application set cookie




We have out-sourced some developers who have written an application in their development load balanced environment however I do not think they use F5.




Now the application has been deployed to our pre-production environment and it doesn't work. This is related to the fact that after a form submission, the app sends an HTTP 302 which has the effect of starting a new session, the request hits another web server in the pool and the app breaks. We have cookie persistence and source address affinity configured for the vip.




Now the developers are adamant that our LTM should be able to read the cookie that is set by the application so that it ensures the sessions remain on the correct servers.


In the 302 the following cookie is set:




Set-Cookie: AUTHTOKEN=jl0fvjb5xrnj40l4qybi55lh; path=/; secure; HttpOnly




However I am not aware of any way that the LTM can interpret this in order to direct traffic to the appropriate server.




We've asked the developers to go back and re-code the application but given their reluctance to do so and time constraints in releasing the product I think an F5 solution would be quicker.




Any advice would be greatly appreciated.








11 Replies