Forum Discussion
Bernard_9290
Jul 12, 2011 Nimbostratus
SSL::session invalidate issue
BIG-IP version: 10.2.0 HF1
We have a virtual server with a client SSL profile configured for mutual authentication and we would like to invalidate the SSL session when the user logs out from ...
Bernard_9290
Jul 13, 2011 Nimbostratus
Hi Aaron,
Please find below what we see when logging the SSL::sessionid and the certificate subject.
Logging has been added as follows:
------------------------------------------------------
# Log the session ID when the client certificate is received
when CLIENTSSL_CLIENTCERT {
    log "Session ID : [SSL::sessionid]"
}
when HTTP_REQUEST {
    switch [HTTP::uri] {
        "/f5logout" {
            # Log the session ID before and after invalidating the session
            log "Session ID Before : [SSL::sessionid]"
            SSL::session invalidate
            log "Session ID After : [SSL::sessionid]"
            # Log the subject of the client certificate still held for this connection
            log "SSL Cert After : [X509::subject [SSL::cert 0]]"
            HTTP::redirect "http://domain2"
            return
        }
    }
}
-----------------------------------------------------
Note that the result is the same when logging after both the SSL::session invalidate and HTTP::redirect commands.
We get....
first login and browsing
Jul 13 11:24:32 local/tmm1 info tmm1[17322]: 01220002:6: Rule IR_ATE_PassCert_V04 : Session ID : 1c5b8031b6a318735016fc00e2309171886c2208429e385c7f573559fc761bc9
Jul 13 11:24:32 local/tmm info tmm[17321]: 01220002:6: Rule IR_ATE_PassCert_V04 : Session ID : 1c5b8031b6a318735016fc00e2309171886c2208429e385c7f573559fc761bc9
logout
Jul 13 11:24:41 local/tmm info tmm[17321]: 01220002:6: Rule IR_ATE_PassCert_V04 : Session ID Before : 1c5b8031b6a318735016fc00e2309171886c2208429e385c7f573559fc761bc9
Jul 13 11:24:41 local/tmm info tmm[17321]: 01220002:6: Rule IR_ATE_PassCert_V04 : Session ID After :
--> the session ID is now unknown OK
Jul 13 11:24:41 local/tmm info tmm[17321]: 01220002:6: Rule IR_ATE__PassCert_V04 : SSL Cert After : CN=xyz,...,C=BE
--> the certificate is still in the F5 cache NOK
Log in again without closing the browser: access is transparent (no password to provide) and the user gets back the same session (the ID is identical)
Jul 13 11:25:21 local/tmm2 info tmm2[17323]: 01220002:6: Rule IR_ATE_PassCert_V04 : Session ID : 1c5b8031b6a318735016fc00e2309171886c2208429e385c7f573559fc761bc9
Bernard
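
A way to check captured LTM logs for the symptom described in the post above (the same session ID logged again after the /f5logout request), as an added example that is not part of the original post. The log lines are constructed in the post's format; the rule name EXAMPLE_RULE and the short session IDs are placeholders, and the lines are assumed to be in chronological order.

```python
import re

# Matches the LTM log lines written by the iRule's "Session ID ..." log statements.
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ [\d:]{8}) \S+ \w+ (?P<tmm>tmm\d*)\[\d+\]: \S+ "
    r"Rule \S+ : (?P<label>Session ID(?: Before| After)?) :\s*(?P<sid>[0-9a-f]*)$"
)

def find_reuse_after_invalidate(lines):
    """Return one finding each time an invalidated session ID is logged again.

    Assumes the lines are in chronological order, as in the log file.
    """
    invalidated = {}  # session ID -> (timestamp, TMM instance) of the logout
    findings = []
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # e.g. "SSL Cert After" lines or unrelated messages
        label, sid = m["label"], m["sid"]
        if label == "Session ID Before" and sid:
            # Logged immediately before SSL::session invalidate runs.
            invalidated[sid] = (m["ts"], m["tmm"])
        elif label == "Session ID" and sid in invalidated:
            # Logged in CLIENTSSL_CLIENTCERT: the old ID is in use again.
            inv_ts, inv_tmm = invalidated[sid]
            findings.append({"session_id": sid,
                             "invalidated_at": inv_ts, "invalidated_on": inv_tmm,
                             "reused_at": m["ts"], "reused_on": m["tmm"]})
    return findings

# Constructed sample in the post's log format (placeholder rule name and IDs).
SAMPLE_LOG = """\
Jul 13 11:24:32 local/tmm1 info tmm1[17322]: 01220002:6: Rule EXAMPLE_RULE : Session ID : aa11bb22
Jul 13 11:24:41 local/tmm info tmm[17321]: 01220002:6: Rule EXAMPLE_RULE : Session ID Before : aa11bb22
Jul 13 11:24:41 local/tmm info tmm[17321]: 01220002:6: Rule EXAMPLE_RULE : Session ID After :
Jul 13 11:24:41 local/tmm info tmm[17321]: 01220002:6: Rule EXAMPLE_RULE : SSL Cert After : CN=example
Jul 13 11:25:21 local/tmm2 info tmm2[17323]: 01220002:6: Rule EXAMPLE_RULE : Session ID : aa11bb22
Jul 13 11:26:02 local/tmm1 info tmm1[17322]: 01220002:6: Rule EXAMPLE_RULE : Session ID : cc33dd44
""".splitlines()

if __name__ == "__main__":
    for f in find_reuse_after_invalidate(SAMPLE_LOG):
        print("{session_id}: invalidated {invalidated_at} on {invalidated_on}, "
              "seen again {reused_at} on {reused_on}".format(**f))
```

Each finding also records which TMM instance logged the invalidation and which one logged the later handshake, so the two can be compared.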