For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

yruss972_100711's avatar
yruss972_100711
Icon for Nimbostratus rankNimbostratus
Dec 26, 2010

visitor/session cookie without persistence

Hi,     I'm setting up a new Application Performance Monitoring appliance and although most of our traffic is session-less and stateless, we could get a lot of information if the APM appliance c...
config
design
hoolio's avatar
hoolio
Icon for Cirrostratus rankCirrostratus
Jan 04, 2011
Maybe something like this? 


when RULE_INIT {

   set static::session_cookie "my_session_cookie"
}
when HTTP_REQUEST {

    Check if cookie exists in request
   if {[HTTP::cookie $static::session_cookie] eq ""}{
      set insert_cookie 1
   } else {
      set insert_cookie 0
   }
}
when HTTP_RESPONSE {

    Insert a cookie in the response if one wasn't present in the request.
    Use the client IP:port plus unixtime.
    Could use something random instead like an 8 digit psuedo random number: [format "%08d" [expr { int(100000000 * rand()) }]]
   if {$insert_cookie}{
      HTTP::cookie insert name $static::session_cookie value "[IP::client_addr]_[TCP::client_port]_[clock seconds]"
   }
}

If you want to use this on multiple virtual servers and differentiate between them with the session ID, you could prepend the vs name using [virtual name].

Aaron