Session Time-out based on the username

Question

Hi All,&nbsp;We have a requirement to assign the session time-out for the ssl-vpn based on the username. I did create the below irule, however its not getting the username, hence the class match line will not match.  I did add the log statement for the variable userid, however i have noticed the irule is getting triggered right after the vpn request hits the APM.  I doubt if its the right event to capture the session variables. It would be great if i can get some help here.&nbsp;when ACCESS_SESSION_STARTED {set userid [mcget {session.logon.last.username}]set userip [ACCESS::session data get "session.user.clientip"]	if {[class match $userid equals Userid_Custom_7_days]} {		ACCESS::session data set session.max_session_timeout "604800"		log local0. "Incomming userid : $userid and the session-timeout is 7-Days"	} else {			ACCESS::session data set session.max_session_timeout "86400"		log local0. "Incomming userid : $userid and the session-timeout is 24-Hours"		}&nbsp;}&nbsp;&nbsp;Thanks,Reddy

reddy1 · Answer

Update !!&nbsp;I had this re written under the HTTP event, its now able to get the username.

Forum Discussion

Session Time-out based on the username

1 Reply

F5 Architecture Track Sessions - AppWorld 2026

Recent Discussions

Username is not filled in EdgeClient in the Modern customization

The GSLB pool is providing an incorrect IP to end users

iRule causing requests to be duplicated (sometimes)

F5 Networks F5CAB1 Exam - Need Help Regarding Prep

Cisco TACACS+ Config on ISE LTM Pair

Related Content

no reply from big3d: timed out

VPN Session time-out

F5 Architecture Track Sessions - AppWorld 2026

MCP Session Affinity With F5 NGINX Plus

The BIG-IP Application Security Manager Part 9: Username and Session Awareness Tracking

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS