Help
Technical Forum
Ask questions. Discover Answers.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Technical Forum Quicklinks: No Replies | Active-Not Solved | Recent Solutions
Custom Alert Banner

F5 AppWorld 2024 session proposal deadline extended to Friday, December 8th!

Encryped Coockie Persistence session loss

Anatolyint
Nimbostratus
Nimbostratus

‎03-Mar-2021 01:43

Hello,

 

We have VS setup with two pools and round robin load balancing with cookie Persistence,

We decided to encrypt the cookie to not expose it, but after encrypting it users started to experience session loss.

Any advice how to debug this?

 

Note, after changing back to not encrypted cookie the session loss problem stopped.

Labels:
0 Kudos
5 REPLIES 5

Simon_Blakely
F5 Employee
F5 Employee

‎03-Mar-2021 13:50

You say the VS uses two pools - it this correct?

Or one pool with two members?

 

Where did you set the cookie encryption?

 

You may need to use

K12783074:  Decrypting SSL traffic using the SSL::sessionsecret iRules command (12.x and later)

to view the decrypted TLS traffic to see what is happening when the session fails.

0 Kudos

Anatolyint
Nimbostratus
Nimbostratus

‎06-Mar-2021 23:26

Hello,

 

Thanks for your answer,

I'm using one VS with one pool and two members,

This is how i set up the cookie encryption: https://support.f5.com/csp/article/K14784

I will check out about the traffic decryption.

0 Kudos

Anatolyint
Nimbostratus
Nimbostratus

‎06-Mar-2021 23:30

Hello,

 

My system does not support traffic decryption as it says its only applies for BIG-IP 12.x and later, mine is lower.

0 Kudos

boneyard
MVP
MVP
In response to Anatolyint

‎07-Mar-2021 04:40

first off please look at getting to a higher version, lower than 12 is really getting too old.

 

then the actual issue. does the session loss keep happening even after are few visits to the website? once you switch then it can affect current users as they initially send the unencrypted cookie.

0 Kudos

Simon_Blakely
F5 Employee
F5 Employee
In response to Anatolyint

‎07-Mar-2021 15:30

Then you need to use an irule to log the persistence cookie value, and the load-balancing choice.

It could be that something is corrupting the cookie so that decryption fails, and a new load-balancing decision is made.

 

If you use the browser developer tools and collect a HAR file, do you see the persistence cookie change?

0 Kudos
Copyright © 2023 Khoros, LLC