For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

paloum_73628's avatar
paloum_73628
Icon for Nimbostratus rankNimbostratus
Jun 14, 2011

Sticky session for cookiless clients

Hello,

 

 

I am in study phase of a project where I would like to ensure session persistence between cookieless web clients and application server instances (Tomcat or Weblogic).

 

 

Between the web clients and the application servers instances hosting my webapps I consider using an F5 Load Balancer (hence posting this topic here, apologies if this is not the correct forum).

 

 

Hence the session needs to be persisted somehow. I would like to avoid handling this at server side by doing some URL rewriting.

 

 

1) Can this be done using a specific F5 equipement / setting, which equipement and how ?

 

 

2) Can I ensure session persistence based on HTTP header sent by the client (cookiless). Will F5 equipement store in a table the header value and the session id to find out the application server instance at the next query ?

 

 

Many Thanks for your answers.

 

 

P.

 

application delivery
dev
devops
iRules

4 Replies

  • hoolio's avatar
    hoolio
    Icon for Cirrostratus rankCirrostratus
    Jun 14, 2011
    Hi,

     

     

    So the clients don't support cookies but can be configured to send a custom HTTP header with a session ID? What kind of client is this?

     

     

    In concept, TMM can persist on any request header or payload token. Headers are easier as TMM wouldn't need to buffer the request payloads. But it should be fairly simple to parse the HTTP header value and persist on it using 'persist uie':

     

     

    http://devcentral.f5.com/wiki/default.aspx/iRules/persist

     

     

    TMM will store the token value and corresponding pool member IP:port. On each request where the client presents that token, they will be persisted to the same pool member.

     

     

    Aaron
  • paloum_73628's avatar
    paloum_73628
    Icon for Nimbostratus rankNimbostratus
    Jun 14, 2011
    Hello, Thanks for your prompt reply I will have a look at TMM. "So the clients don't support cookies but can be configured to send a custom HTTP header with a session ID? What kind of client is this? " => It is Flex based clients or 3rd part clients using SOAP and for which we have no garanties that they accept cookies. => no the session id is not on the HTTP header but provided by the application server instance at each session issued by the client. My real concern here is to ensure not only server persistence (same session goes to the same application server instance) but session persistence (a session S1 going to application server instance ASI1 based will go at the next round trip to the same application server ASI1 AND most importantly with the same session id so the session persistence is maintained. Otherwise we loose the session). BR

     

     

    Note : here by session we mean Http session.

     

  • paloum_73628's avatar
    paloum_73628
    Icon for Nimbostratus rankNimbostratus
    Jun 15, 2011
    Moreover can you point me some links to find documentation related to TMM product ? Thanks in advance. P.
  • Michael_Yates's avatar
    Michael_Yates
    Icon for Nimbostratus rankNimbostratus
    Jun 15, 2011
    The TMM (Traffic Management Microkernel) is a process that runs on the BIG-IP.

     

     

    You can review SOL3242 (http://support.f5.com/kb/en-us/solutions/public/3000/200/sol3242.html) for an overview if you want specific information on it, but Hoolio is describing some of the functionality that it can provide you with your persistence issue.