Nimbostratussession persistence irule for websphere
hi all
i currently have 2 ibm websphere servers (not part of a websphere cluster) that host the same application. The F5 pool contains both servers and i have an irule which i took from the following guide: https://www.f5.com/pdf/deployment-guides/ibm-websphere-8-dg.pdf
the rule i used is:
when CLIENT_ACCEPTED { set add_persist 1 } when HTTP_RESPONSE { if { [HTTP::cookie exists "JSESSIONID"] and $add_persist } { persist add uie [HTTP::cookie "JSESSIONID"] set add_persist 0 } } when HTTP_REQUEST { if { [HTTP::cookie exists "JSESSIONID"] } { persist uie [HTTP::cookie "JSESSIONID"] } else { set jsess [findstr [HTTP::uri] "jsessionid" 11 ";"] if { $jsess != "" } { persist uie $jsess } } }
from my understanding, this should use the JSESSIONID which websphere hands out to persist users to the node they originally connected to. This seems to work generally. However i have had reports throughout the business that the users get kicked out of the application and have to log in again, this sometimes happens as frequently as 10 mins. The website is configured with SSO using kerberos/spnego and i have checked all websphere config which supports that the session timeout is 150 mins (and that should be idle).
after troubleshooting, what i am finding is that randomly the JSESSIONID changes, which obviously results in the users being directed to the pool member based on the LB method (round robin in this case). So my assumption is that they are being directed to the server they weren't logged into both and thus have to sign in. I can only think 1 of 2 things are happening:
- the jessionid is timing out and thus is no longer valid and the LB is then directing the user to a different node and they get another server....this would be an issue with websphere
- the LB is deciding that the persistence is no longer valid and sends the user to a different server which then gives the user a different jsessionid
i am really struggling to figure out whats going on here. is there anyone who can recommend anything else i can check or a better way to troubleshoot? such as checking irule hits and whether or not the irule sees it as a pass/fail?
