Forum Discussion
NimbostratusSession timeout in conjunction with cookie persistence
We have a single sign-on application being load balanced/delivered via F5. The goal is to have sessions remain active for 12 hours. On the application side this is what they've set as the session timeout value.
The F5 is using the default cookie insert profile to maintain session persistence so it's expiration is based on the session. We've previously been using the default tcp profile idle timeout value of 5 minutes on the virtual server for this application. The application owners would like to see the idle timeout value changed to the 12 hours for this site to maintain the session on the F5 connection table.
So a couple of questions surrounding this...
Setting the idle timeout value to 12 hours seems like a bad idea even if it is just for one application. If a session were to idle timeout of the connection table after 5 minutes but the session cookie was still valid on the client, the next time the user attempted connection to the sso application would the F5 see that BigIP session cookie exists already and persist it back to the same pool member?
If we have to go with an idle timeout value of 12 hours at that point the keep alive interval of 1800 seconds (or whatever we set it to) comes in to play. Would it be advisable to increase that value to something like 3600 seconds or once an hour?
Is there a better way or something else we should be doing to ensure the F5 isn't cutting that 12 hour session limit off to soon?
This is all on 12.1.2 HF2.
Thanks
Only1masterbla1Cirrus
The best solution is for application to sent keep-alives at regular intervals (interval < timeout). Otherwise set timeout value of 12 hours. Cookie timer will expire after session closure.