Suppress MFA for a period of time

Problem this snippet solves: This code snippet can be used if you want to suppress MFA for a period of time. This solution uses an encrypted persistent cookie, that will be set at a successful MFA l...
Published Jul 16, 2019
Version 1.0
application delivery
BIG-IP Access Policy Manager (APM)
iRules
security
Niels_van_Sluis
wbrowne
Mar 27, 2021

I had this working perfectly until the 14.1.4 upgrade. When I got F5 support involved they said it is because of the way the new version treats the HTTP::respond. The cookie will be created one time for the first person who logs in. However, no one else will get the cookie. When I put logging in on the when HTTP_RESPONSE it seems like the F5 is responding correctly and creating the cookie for that first user because I see this in the log:

<HTTP_RESPONSE>: Server: Apache

but then every time after the actual IIS web server of the pool member seems to be responding

HTTP Request Headers: Server: Microsoft-IIS/10.0

and then it looks like it responds twice. They suggested I needed an HTTP::close. That did seem to help for the first user as when the cookie expired and after the next login the cookie was created for that user. But only if he was using the same browser. I also noticed I can repeat the process if I force the active to standby and try again. The first person to log in will get the cookie but no one else. I attached 2 examples of the logs created. Is anyone else on version 14.1.4 and experiencing this issue?

when HTTP_RESPONSE {
    # If the table should be set, record the client IP and set the encrypted cookie
    if { [ACCESS::session data get session.custom.suppressmfa.setauthtable] == 1 } {
        # Table entry keyed on the client IP, with the suppression window as its timeout
        table set tab_amia:[IP::client_addr] Authed $static::suppress_mfa(seconds)

        # Insert the persistent cookie and give it a relative expiry
        HTTP::cookie insert name $static::suppress_mfa(cookie) value $static::suppress_mfa(value) path "/"
        if { $static::AMIADEV_Cookie_debug } { log local0. "cookie $static::suppress_mfa(cookie) set for $static::suppress_mfa(seconds)" }
        HTTP::cookie expires $static::suppress_mfa(cookie) $static::suppress_mfa(seconds) relative
        if { $static::AMIADEV_Cookie_debug } { log local0. "cookie expires in $static::suppress_mfa(seconds)" }

        # Secure and HttpOnly flags, then encrypt the cookie value
        HTTP::cookie secure $static::suppress_mfa(cookie) enable
        HTTP::cookie httponly $static::suppress_mfa(cookie) enable
        HTTP::cookie encrypt $static::suppress_mfa(cookie) $static::suppress_mfa(passphrase)

        HTTP::header "Cache-Control" "max-age=$static::suppress_mfa(seconds)"
        HTTP::close

        # Debug: log every header of this response
        foreach aHeader [HTTP::header names] {
            if { $static::AMIADEV_Cookie_debug } { log local0. "HTTP Request Headers: $aHeader: [HTTP::header value $aHeader]" }
        }

        # Reset the session flag
        ACCESS::session data set session.custom.suppressmfa.setauthtable 0
    }
}
