Forum Discussion

Luke_Lehman's avatar
Luke_Lehman
Icon for Employee rankEmployee
Aug 13, 2010

Cookie Insert Persistence Expiration / Timeout Setting

Forgive my ignorance with the topic, but I'm curious about the expiration / timeout settings for Cookie Insert Persistence.

 

 

In reading the F5 manuals the verbiage is as follows:

 

 

Expiration:

 

 

 

Sets the expiration time of the cookie. Applies to the HTTP Cookie Insert and HTTP Cookie Rewrite methods only. When using the default (checked), the system uses the expiration time specified in the session cookie.

 

 

My curiousity surrounds the "session cookie" part of the statement. Which session cookie is this referring to? An application session cookie or something else.

 

 

[Edit]

 

 

Further down in the doc it says this:

 

 

The expiration date for the cookie is set based on the timeout configured on the BIG-IP system.

 

 

Not sure what that means either.

 

 

[/Edit]

 

 

Thanks.
  • When I insert a cookie without specifying the expiration, it defaults to "when browser closes" so I assume a session cookie is a cookie that expires when you close the browser.
  • Posted By Chris Miller on 08/13/2010 11:56 AM

     

    When I insert a cookie without specifying the expiration, it defaults to "when browser closes" so I assume a session cookie is a cookie that expires when you close the browser.

     

    Chris - thanks for the response. Yeah, I'm a little fuzzy too on what exactly the session cookie is. I know that the LTM creates a session table for connections, but am unfamiliar with the possibility of LTM having session cookies. I was under the impression that session cookies were created by the application web servers...
  • An F5 build for an application I'm working on has two Servers listening on port 9000 which require a cookie based load balancing method, which tranfers end-user sessions seamlessly without forceful logouts in case the Server handling the load balancing requests goes down.

     

     

    Currently, there is no SSL termination from the F5, and the SSL handshakes are handled by the Servers themselves. From my conversation at F5 support, they said that cookie insertion is not possible without SSL termination, and currently the F5 is just passing encrypted traffic to the Servers; since Inter-Server authentication is not portable among pool members, the objective cannot be fulfilled in the current scenario.

     

     

    Can SSL termination be done from the F5, along with cookie insertion with Servers listening on port 9000 (other than 80) to fullfil above objective? My goal is to fulfill above objective with minimal intervention from ServerOps or Database team to get this build ready!

     

  • Yes, you can terminate the SSL on the F5; you'll need the private key and certificate.

     

    Yes, you can then use Cookie Persistence.

     

    Yes, you can use any valid port number you'd like for the pool members, the BIG-IP will translate ports automatically.

     

     

    How will the cookie persistence method allow for seamless session transfer?