cancel
Showing results for 
Search instead for 
Did you mean: 

Encryped Coockie Persistence session loss

Anatolyint
Nimbostratus
Nimbostratus

Hello,

 

We have VS setup with two pools and round robin load balancing with cookie Persistence,

We decided to encrypt the cookie to not expose it, but after encrypting it users started to experience session loss.

Any advice how to debug this?

 

Note, after changing back to not encrypted cookie the session loss problem stopped.

5 REPLIES 5

Simon_Blakely
F5 Employee
F5 Employee

You say the VS uses two pools - it this correct?

Or one pool with two members?

 

Where did you set the cookie encryption?

 

You may need to use

K12783074:  Decrypting SSL traffic using the SSL::sessionsecret iRules command (12.x and later)

to view the decrypted TLS traffic to see what is happening when the session fails.

Anatolyint
Nimbostratus
Nimbostratus

Hello,

 

Thanks for your answer,

I'm using one VS with one pool and two members,

This is how i set up the cookie encryption: https://support.f5.com/csp/article/K14784

I will check out about the traffic decryption.

Anatolyint
Nimbostratus
Nimbostratus

Hello,

 

My system does not support traffic decryption as it says its only applies for BIG-IP 12.x and later, mine is lower.

first off please look at getting to a higher version, lower than 12 is really getting too old.

 

then the actual issue. does the session loss keep happening even after are few visits to the website? once you switch then it can affect current users as they initially send the unencrypted cookie.

Then you need to use an irule to log the persistence cookie value, and the load-balancing choice.

It could be that something is corrupting the cookie so that decryption fails, and a new load-balancing decision is made.

 

If you use the browser developer tools and collect a HAR file, do you see the persistence cookie change?