Forum Discussion
NimbostratusTCL error Operation not supported
Hi,
I used following iRule posted in "Keep applications active after web interface logoff" https://devcentral.f5.com/questions/keep-applications-active-after-web-interface-logoffanswer132024
It works perfectly fine for me .
As long as the user doesn’t manually logoff all applications keep running regardless of idle timeout and If user clicks the logoff button it terminates everything but following error is being logged when user hits the logoff button .
TCL error: /Common/Citrix_Logoff - session ID lookup failed - Operation not supported (line 1) invoked from within "ACCESS::session sid"
It doesn't affect the functionality of the iRule and I can track the session id in the log :
"if {$static::access_debug} { log local0. "Found session [ACCESS::session sid] in table" }"
but keen to know why TCL error being logged . Any idea ?
when RULE_INIT {
set static::access_debug 0
The logonpage and logoffURI must be entered in all lower case below so when the stringtolower command compares the real path with the static variables, they match correctly
set static::logonpage "https://thisneedstobealllowercase.com/my.policy"
set static::logoffURI "/this/needsto/beall/lowercase"
}
when ACCESS_ACL_ALLOWED {
if {$static::access_debug = 1 } { log local0. "uri=[HTTP::uri] | session=[ACCESS::session sid] | client=[IP::client_addr]:[TCP::client_port]" }
Has the user logged off? (Changed to http_uri instead of http_path 6-17-2014)
if {[string tolower [HTTP::uri]] eq $static::logoffURI } {
if {$static::access_debug = 1 } { log local0. "Detected logoff!" }
need to track the sessionID because after the redirect has been sent, the browser may use an
already established (access granted) tcp connection that will be allowed through ACCESS_ACL_ALLOED.
table add "ctxloggedoutsessions_[ACCESS::session sid]" 1 60 90
store the APM session cookies from the request.
if {[HTTP::cookie exists "MRHSession"]} {
set MRHSession [HTTP::cookie MRHSession]
if {$static::access_debug} { log local0. "MRHSession=$MRHSession" }
}
if {[HTTP::cookie exists "LastMRH_Session"]} {
set LastMRH_Session [HTTP::cookie LastMRH_Session]
if {$static::access_debug} { log local0. "LastMRH_Session =$LastMRH_Session " }
}
}
}
when HTTP_RESPONSE {
set sessionstatus [table lookup "ctxloggedoutsessions_[ACCESS::session sid]"]
check if this reponse is for a session that has been marked as logged off.
if { $sessionstatus == 1 } {
yes, user has logged off.
if {$static::access_debug} { log local0. "Found session [ACCESS::session sid] in table" }
set cookieheaders ""
prepare the APM session cookies to be expired by setting the date to UNIX TS 0
if { [info exists MRHSession] } {
set cookieheaders "MRHSession=$MRHSession;expires=Thu, 01-Jan-1970 00:00:00 GMT;path=/;"
if {$static::access_debug} { log local0. "setting cookie, MRHSession" }
unset MRHSession
}
if { [info exists LastMRH_Session] } {
set cookieheaders "$cookieheaders\r\nSet-Cookie: LastMRH_Session=$LastMRH_Session;expires=Thu, 01-Jan-1970 00:00:00 GMT;path=/;"
if {$static::access_debug} { log local0. "setting cookie, LastMRH_Session" }
unset LastMRH_Session
}
Loop through all other cookies which are set in the repsonse, and expire those as well.
This does not seem to be needed.
if {$static::access_debug} { log local0. "looping cookies..." }
foreach orgCookieName [HTTP::cookie names] {
if {$static::access_debug} { log local0. "found cookie: $orgCookieName=[HTTP::cookie value $orgCookieName]" }
set cookieheaders "$cookieheaders\r\nSet-Cookie: $orgCookieName=[HTTP::cookie value $orgCookieName];expires=Thu, 01-Jan-1970 00:00:00 GMT;[HTTP::cookie path $orgCookieName];"
}
if {$static::access_debug > 0 } { log local0. "Custom cookies: $cookieheaders" }
Send a redirect response to the client. With Connection: Close!
if { $cookieheaders != "" } {
HTTP::respond 302 Location "$static::logonpage" "Set-Cookie" $cookieheaders "X-OLL-CTX-LOGOUT" "1" "Connection" "Close"
} else {
HTTP::respond 302 Location "$static::logonpage" "X-OLL-CTX-LOGOUT" "1" "Connection" "Close"
}
}
}
