Mar 27, 2026 - For details about updated CVE-2025-53521 (BIG-IP APM vulnerability), refer to K000156741.

Forum Discussion

toto66's avatar
toto66
Icon for Nimbostratus rankNimbostratus
Apr 12, 2016

WebLogic universal persistance - multiple (JSESSIONID) cookie names

Hello experts, we have a customer which uses a Java Web-Application hosted on WebLogic middleware. In the past this was quite simple, we used this iRule for managing the universal persistance: w...
application delivery
big-ip
cookie persistence
jsessionid
LTM
uie
weblogic
cjunior's avatar
cjunior
Icon for Nacreous rankNacreous
Apr 12, 2016

Hello dude,

I didn't understand if you want to check if there is any order of procedence or if you are looking for a dynamic way to read cookies by name.

Following my example, it's checking if any of the requested cookies has previous persistence considering that the request may have more than one session cookie.

Regards. 
when HTTP_REQUEST {
    set uie_key ""
    foreach cookie [HTTP::cookie names] {
        if { $cookie starts_with "JSESSIONID" } {
            set uie_key [string tolower [HTTP::cookie value $cookie]]
            if { [persist lookup uie $uie_key] ne "" } {
                  contains persist-record
                break
            }
        }
    }
    if { $uie_key eq "" and [string match -nocase *jsessionid* [HTTP::path]] } {
        set uie_key [getfield [findstr [string tolower [HTTP::path]] "jsessionid" 10] "=" 2]
    }
    if { $uie_key ne "" } {
        persist uie $uie_key 300
    }
    unset uie_key
}

when HTTP_RESPONSE {
    foreach cookie [HTTP::cookie names] {
        if { $cookie starts_with "JSESSIONID" } {
            persist add uie [string tolower [HTTP::cookie value $cookie]] 300
            break
        }
    }
}