Help
Technical Forum
Ask questions. Discover Answers.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Technical Forum Quicklinks: No Replies | Active-Not Solved | Recent Solutions
Custom Alert Banner

F5 AppWorld 2024 session proposal deadline extended to Friday, December 8th!

APM sso cookie caching issue

Snl
Cirrostratus
Cirrostratus

‎08-Aug-2019 12:28

Folks

 

need some help , i have VS were using APM SSO for my jboss web application which working fine with kerberous SSO , the problem is this web doesnt hve logout option , user will close the browser directly , but next time same user open in the same url in the browser APM redirecting to ADFS SSO and getting 302 redirect with CORS error

 

i want to get rid of previously used MHRsesion cookie so that every time browser come with new request (after closed the page and open the url again)were APM assign new cookie for SSO session , when i try chrome incognito its working fine since it doesnt store any cache or APM cookie

 

can below irule help

#fire irule before main SSO irule to remove last browser used apm session cookie for previous session

 

when HTTP_REQUEST priority 80 {

 if { ([HTTP::uri] == "/") && [HTTP::cookie exists MRHSession ] && [ACCESS::session exists [HTTP::cookie value MRHSession]] }{

 HTTP::cookie remove MRHSession }{

HTTP::redirect "https://log.abc.com[HTTP::uri]"

 }

}

 

any help appreciated

Labels:
0 Kudos
9 REPLIES 9

Snl
Cirrostratus
Cirrostratus

‎08-Aug-2019 12:47

or just remove the session cookie

 

when HTTP_REQUEST priority 80 {

 if { ([HTTP::uri] == "/") && [HTTP::cookie exists MRHSession ] && [ACCESS::session exists [HTTP::cookie value MRHSession]] }{

 HTTP::cookie remove MRHSession }{

 }

}

 

0 Kudos

Snl
Cirrostratus
Cirrostratus
In response to Snl

‎11-Aug-2019 03:27

can any one assit

0 Kudos

Sajid
Cirrostratus
Cirrostratus

‎11-Aug-2019 09:01

 HTTP::cookie remove MRHSession

    ACCESS::session remove

 

https://clouddocs.f5.com/api/irules/ACCESS__session.html

 

for reference

when HTTP_REQUEST {

if {[HTTP::path] contains "/public" } {

HTTP::cookie remove "LastMRH_Session"

HTTP::cookie remove "MRHSession"

}

}

 

 

for reference

 

when HTTP_REQUEST {

if { ([HTTP::uri] == "/") && [HTTP::cookie exists MRHSession ] && [ACCESS::session exists [HTTP::cookie value MRHSession]] }{

 

HTTP::redirect "https://[HTTP::host]/vdesk/webtop.eui?webtop=/Common/dfw_vpn_webtop&webtop_type=webtop_full"

 

} elseif { [HTTP::cookie exists MRHSession] } {

 

HTTP::cookie remove MRHSession

 

}

 

}

 

 

************************************

0 Kudos

Snl
Cirrostratus
Cirrostratus

‎12-Aug-2019 03:55

Hi Sajid

 

I have seen this irules earlier , my concern is what is the best way to avoid using existing APM session cookie , i am not concern for SSO , user needs re authenticate every time if they close the browser

 

so what is the best way forward here

 

0 Kudos

boneyard
MVP
MVP
In response to Snl

‎13-Aug-2019 10:37

not quite sure what you are looking for now.

 

the best way to avoid using existing APM session cookies is to not send them from the browser. but if they still exist you have to get them deleted. does iRules can that do that.

 

what more are you looking for now?

0 Kudos

Snl
Cirrostratus
Cirrostratus
In response to boneyard

‎13-Aug-2019 22:29 - last edited on ‎01-Jun-2023 14:51 by Fog

Hi Boneyard

does below irule will work ?

#fire irule before main SSO irule to remove last browser used apm session cookie for previous session
 
 
 
when HTTP_REQUEST priority 80 {
 
 if { ([HTTP::uri] == "/") && [HTTP::cookie exists MRHSession ] && [ACCESS::session exists [HTTP::cookie value MRHSession]] }{
 
 HTTP::cookie remove MRHSession }{
 
HTTP::redirect "https://log.abc.com[HTTP::uri]"
 
 }
 
}
0 Kudos

boneyard
MVP
MVP
In response to boneyard

‎18-Aug-2019 03:58

on first glance it seems it will. but the best way to find out is to try, in a test setup would be best.

0 Kudos

Snl
Cirrostratus
Cirrostratus
In response to boneyard

‎19-Aug-2019 00:32

Thanks Boneyard, will test n let n know

0 Kudos

Sajid
Cirrostratus
Cirrostratus

‎12-Aug-2019 12:14

K15387: Overview of BIG-IP APM session cookies 

https://api-u.f5.com/support/kb-articles/K15387?pdf

 

0 Kudos
Copyright © 2023 Khoros, LLC