Forum Discussion

yruss972_100711's avatar
Icon for Nimbostratus rankNimbostratus
Dec 27, 2010

visitor/session cookie without persistence




I'm setting up a new Application Performance Monitoring appliance and although most of our traffic is session-less and stateless, we could get a lot of information if the APM appliance could identify traffic per visitor.



Rather than modify the applications, I thought I should be able to get the F5 to give each person a unique cookie on the first request that comes without a cookie- kind of like session persistence without the persistence?



Is there anyway to do this without an IRule? Maybe in an HTTP class or HTTP profile? Other possibilities?






7 Replies

  • Hi Yonah,



    The persistence cookie is an encoding of the selected pool member IP and port. So it wouldn't be unique to the user. It would be relatively simple to generate a unique session ID token that you insert in requests and/or responses when one isn't present already using an iRule. Is the performance monitoring appliance on the client or server side of LTM? ie, would you want to ensure the session ID is in requests sent to the pool or back to the client?



    Also, which LTM version are you running?



  • Hi,



    I know we could do this with iRules but we have a large number of virtual services and I was hoping to find a way to configure this on a broader level :/


    We are planning to use clone pools to traffic to the appliance- probably client side.


    The session ID should show in the requests from the client to the virtual server so the appliance can group the requests of a single user.


    We do not need any real session management- so if the user comes back in a day or two and the cookie is still there, it is fine and even preferable to us.


    We are running 10.2







  • The only option I can think of is to use an iRule to generate a session ID and insert that into requests sent to the pool and in a cookie sent back to the client. You could potentially use one iRule and apply it to all of the virtual servers.



    Other than that, I can't think of another way to implement this on LTM.



  • I'm with Aaron on an iRule being the only option I could come up with. Perhaps inserting a cookie/header with the value being some sort of combination of Client IP + Source Port + Time...that should be unique enough. The first part of the rule would check whether the cookie existed and if it did, would pass it through unadjusted. If it didn't exist, we'd insert it in the response.
  • Client IP:port and current time in seconds for a session cookie value should be lightweight and collision proof. Nice idea Chris.



  • Maybe something like this?

    when RULE_INIT {
       set static::session_cookie "my_session_cookie"
    when HTTP_REQUEST {
        Check if cookie exists in request
       if {[HTTP::cookie $static::session_cookie] eq ""}{
          set insert_cookie 1
       } else {
          set insert_cookie 0
    when HTTP_RESPONSE {
        Insert a cookie in the response if one wasn't present in the request.
        Use the client IP:port plus unixtime.
        Could use something random instead like an 8 digit psuedo random number: [format "%08d" [expr { int(100000000 * rand()) }]]
       if {$insert_cookie}{
          HTTP::cookie insert name $static::session_cookie value "[IP::client_addr]_[TCP::client_port]_[clock seconds]"

    If you want to use this on multiple virtual servers and differentiate between them with the session ID, you could prepend the vs name using [virtual name].

  • Hoolio,



    Can this same iRule be setup to create a persistent cookie instead of a session cookie? If so, can you display this code as well?