Forum Discussion
OTS02
Cirrus
Cirrusuniversal persistence using jsessionid
Have Universal persistence set up and use this irule:
when HTTP_RESPONSE {
if { [HTTP::cookie exists "JSESSIONID"] } {
persist add uie [HTTP::cookie "JSESSIONID"]
log local0. "[IP::client_addr] Clairmail persistence HTTP_Response [HTTP::cookie "JSESSIONID"]"
}
}
when HTTP_REQUEST {
if { [HTTP::cookie exists "JSESSIONID"] } {
persist uie [HTTP::cookie "JSESSIONID"]
log local0. "[IP::client_addr] Clairmail HttpRequest [HTTP::cookie "JSESSIONID"]"
}
}
Works great with IE, but some boutique browsers append extra cookies. If the original jsession cookie does not happen to be first in the list, the LTM treats it as though it is not there, and persistence fails. I know there must be a way to force the LTM to look into the whole string.
Grateful for any help.
17 Replies
hoolioCirrostratus
Hi,
Which browser(s) are you seeing the failure on? Can you log the values for the set-cookie headers in the iRule?
If there are multiple JSESSIONID cookies in the request and/or response, which do you want to use? Or do you want to try using all of them?
Also, it would be good to check that the cookie value isn't null before using it for persistence:when HTTP_RESPONSE { if { [HTTP::cookie "JSESSIONID"] ne ""} { persist add uie [HTTP::cookie "JSESSIONID"] log local0. "[IP::client_addr] Clairmail persistence HTTP_Response. Cookies: [HTTP::header values Cookie]" } } when HTTP_REQUEST { if { [HTTP::cookie "JSESSIONID"] ne ""} { persist uie [HTTP::cookie "JSESSIONID"] log local0. "[IP::client_addr] Clairmail HttpRequest. Set-Cookies: [HTTP::header values Cookie]" } }
Aaron- OTS02Firefox was the only one I knew for sure. I did a tcpdump to see what was going on. We were short on time, so we worked out alternate solution. But would like to get this working, as it would be more elegant.
It worked when the cookie string looked like this:
Cookie: JSESSIONID=99713BB629EB4F07EE7CD75259A5E4B1
But did not work when the cookie string looked like this:
Cookie: csrLoginInfo=%7B%22loggedInTime%22%3A%22Fri%2C%2015%20Jul%202011%2022%3A54%3A50%20GMT%22%7D; JSESSIONID=99713BB629EB4F07EE7CD75259A5E4B1
You see the jsessionid cooke is still in there, but if not at the front, the LTM doesn't see it. I never saw multiple jsessionid cookies, but if the whole string got inspected, I don't think hat would hurt anything either. - nitass
Employee
HTTP::cookie seems to be okay for me.[root@ve1023:Active] config b virtual bar list virtual bar { snat automap pool foo destination 172.28.19.79:80 ip protocol 6 rules myrule profiles { http {} tcp {} } } [root@ve1023:Active] config b rule myrule list rule myrule { when HTTP_REQUEST { log local0. "Cookie header: [HTTP::header Cookie]" log local0. "JSESSIONID value: [HTTP::cookie JSESSIONID]" } } [root@ve1023:Active] config curl http://172.28.19.79 -H "Cookie: JSESSIONID=99713BB629EB4F07EE7CD75259A5E4B1" This is 101 host. [root@ve1023:Active] config Nov 29 20:14:13 local/tmm info tmm[23027]: Rule myrule : Cookie header: JSESSIONID=99713BB629EB4F07EE7CD75259A5E4B1 Nov 29 20:14:13 local/tmm info tmm[23027]: Rule myrule : JSESSIONID value: 99713BB629EB4F07EE7CD75259A5E4B1 [root@ve1023:Active] config curl http://172.28.19.79 -H "Cookie: csrLoginInfo=%7B%22loggedInTime%22%3A%22Fri%2C%2015%20Jul%202011%2022%3A54%3A50%20GMT%22%7D; JSESSIONID=99713BB629EB4F07EE7CD75259A5E4B1" This is 101 host. [root@ve1023:Active] config Nov 29 20:14:25 local/tmm info tmm[23027]: Rule myrule : Cookie header: csrLoginInfo=%7B%22loggedInTime%22%3A%22Fri%2C%2015%20Jul%202011%2022%3A54%3A50%20GMT%22%7D; JSESSIONID=99713BB629EB4F07EE7CD75259A5E4B1 Nov 29 20:14:25 local/tmm info tmm[23027]: Rule myrule : JSESSIONID value: 99713BB629EB4F07EE7CD75259A5E4B1 - hoolioAs Nitass' testing shows, HTTP::cookie should be able to parse multiple cookies in the request or response on the same header line without any issues.
Can you set up a test virtual server to continue troubleshooting this? I'd guess the issue might be a missing OneConnect profile or something else. If you're doing L7 persistence you will need a OneConnect profile on the virtual server. Use a /0 source mask OneConnect profile if you’re using SNAT. Else, use a /32 source mask OneConnect profile if you’re not using SNAT:
http://devcentral.f5.com/wiki/AdvDesignConfig.ONECONNECT.ashx
Aaron - OTS02Hello again,
Tomorrow we will resume testing. I will apply a OneConnect profile to the Virtual Server, update the iRule to check that the jsessionID is not null.
So, let me ask a question, if there is no jessionID, will the fallback persistence profile then be used?
Thanks - nitassif there is no jessionID, will the fallback persistence profile then be used?i do not think so.
[root@ve1023:Active] config b virtual bar list virtual bar { snat automap pool foo fallback persist source_addr destination 172.28.19.79:80 ip protocol 6 persist myuniversal profiles { http {} tcp {} } } [root@ve1023:Active] config b pool foo list pool foo { members 200.200.200.101:80 {} } [root@ve1023:Active] config b profile myuniversal list profile persist myuniversal { defaults from universal mode universal rule myrule } [root@ve1023:Active] config b rule myrule list rule myrule { when HTTP_RESPONSE { if { [HTTP::cookie "JSESSIONID"] ne ""} { persist add uie [HTTP::cookie "JSESSIONID"] log local0. "[IP::client_addr] Clairmail persistence HTTP_Response. Cookies: [HTTP::header values Cookie]" } } when HTTP_REQUEST { if { [HTTP::cookie "JSESSIONID"] ne ""} { persist uie [HTTP::cookie "JSESSIONID"] log local0. "[IP::client_addr] Clairmail HttpRequest. Set-Cookies: [HTTP::header values Cookie]" } } } Case1 JSESSIONID is existing [root@ve1023:Active] config b persist No Persistence Table Entries were found. [root@ve1023:Active] config curl -I http://172.28.19.79 HTTP/1.1 200 OK Date: Thu, 05 Jan 2012 05:59:15 GMT Server: Apache/2.2.3 (CentOS) Last-Modified: Fri, 11 Nov 2011 14:48:14 GMT ETag: "4183e4-3e-9c564780" Accept-Ranges: bytes Content-Length: 62 Set-Cookie: JSESSIONID=99713BB629EB4F07EE7CD75259A5E4B1; path=/ Content-Type: text/html; charset=UTF-8 [root@ve1023:Active] config b persist PERSISTENT CONNECTIONS Type Virtual Node universal 172.28.19.79:80 200.200.200.101:80 Case2 JSESSIONID is not existing [root@ve1023:Active] config b persist No Persistence Table Entries were found. [root@ve1023:Active] config curl -I http://172.28.19.79 HTTP/1.1 200 OK Date: Thu, 05 Jan 2012 05:59:48 GMT Server: Apache/2.2.3 (CentOS) Last-Modified: Fri, 11 Nov 2011 14:48:14 GMT ETag: "4183e4-3e-9c564780" Accept-Ranges: bytes Content-Length: 62 Content-Type: text/html; charset=UTF-8 [root@ve1023:Active] config b persist No Persistence Table Entries were found. - OTS02
Hello again,
Applying a OneConnect profile to the Virtual Server and checking that the jsessionID is not null, has solved the original problem. Thanks so much, both of you!
Another problem has cropped up. The application makes calls that do not have jsessionid, so I need to generate some unique (random?) to insert as a cookie. Any thoughts on the simplest way to do this?
Thanks
- hoolioWhy not use cookie insert persistence via a profile instead of persisting on the JSESSIONID cookie with an iRule--particularly if the app doesn't always set a JSESSIONID cookie?
Aaron - OTS02Well, that would break another portion of this animal. And that portion seems to be working OK now.
- OTS02I thought I might get away with something like adding an else onto the end - something like this:
when HTTP_RESPONSE {
if { [HTTP::cookie "JSESSIONID"] ne ""} {
persist add uie [HTTP::cookie "JSESSIONID"]
log local0. "[IP::client_addr] Clairmail persistence HTTP_Response. Cookies: [HTTP::header values Cookie]"
}
}
when HTTP_REQUEST {
if { [HTTP::cookie "JSESSIONID"] ne ""} {
persist uie [HTTP::cookie "JSESSIONID"]
log local0. "[IP::client_addr] Clairmail HttpRequest. Set-Cookies: [HTTP::header values Cookie]"
else {
persist add uie [HTTP::cookie [expr { int(100000000 * rand()) }]]
{
}
But that doesn't comaile because [expr { int(100000000 * rand()) }] is not valid in that context.
