Forum Discussion
Brian_69413
Sep 22, 2011Nimbostratus
SSL vs Non-SSL portions of the a website
How do you folks handle SSL(protected) vs non-SSL(public) content on a website while holding persistence for authed users.
We have a site where visitors can log in to view customized content or browse as a guest and see default content.
When they get to protected pages, they need to be logged in and the site needs to switch to SSL, but the rest of the site we would like to be non-SSL.
If we have two virtuals, one for port 80 and the other for port 443, but a shared pool of servers, how would we handle keeping a user with a particular server(persistence) to keep them logged in?
Lots of e-commerce sites do this, and I hope it does not have to be by replicating session data between servers...
- HamishCirrocumulusYou can do persistence across virtual servers with a persistence profile... There's 3 options, selectable individually to match across services, virtual servers and pools. You really just want to match across virtual servers (i.e. your port 80 and your port 443 VS). The persistence profile can be of any type (So it'd probably be cookie in your case).
- Brian_69413NimbostratusThat is certainly easier than I expected...so a session cookie, for example, will hold true to a pool member even when swapping virtuals with the same pool? What would that session cookie do for you if it was a different pool with different members in the second virtual?
- HamishCirrocumulusWhat the session cookie does for you depends on whether it's set for persistence within a VS only, across a service, across VS's, or across pools...
Note that the membership of the default pool in this instance isn't checked... So it could lead to a security hole in your site if you don't encrypt the cookie...
- HamishCirrocumulusThe (vulnerability?|Opportunity for a more interesting life?) exists in match across pools... I don't believe it exists in match across VS and service (But haven't checked), but it's certainly worthwhile making sure that if you have persistence across anything and are using cookies, then make sure you encrypt the cookie...
- Brian_69413NimbostratusPersistence across service is all I would need. Thanks for this insight!
- One thing to note. If you're looking to maintain persistence using the same exact pool across multiple VSs, you can maintain persistence via inserting a custom cookie (specify the name), no need for "match across" option..
Recent Discussions
Related Content
DevCentral Quicklinks
* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com
Discover DevCentral Connects