newbie persistence question cookie and/or message body

stephent_88282 · ‎06-Aug-2012

I'm trying to persist based on a cookie value sent by one application client and for another client use a string that is in the post body: This is what I think will work. Am I close?

~~rule http_persist_rl {~~

~~when HTTP_REQUEST {~~

~~if { [HTTP::cookie exists "SessionId"] } {~~

~~if { [HTTP::cookie "SessionId"] != ""} {~~

~~LB::detach~~

~~persist uie [HTTP::cookie "SessionId"]~~

}

~~} else if {http_method == “POST” and findstr(http_content,”SessionId=”,10,’&’) != “”} {~~

~~LB:detach~~

~~Persist uie [findstr(http_content,”SessionId=”,10,’&’)]~~

}

~~when HTTP_RESPONSE {~~

~~if { [HTTP::cookie exists "SessionId"] } {~~

~~if { [HTTP::cookie "SessionId"] != "" } {~~

~~persist add uie [HTTP::cookie "SessionId"]~~

}

The cookie name is "SessionId" and the value is an alpha-numeric GUID. The same type of data is sent by another client as part of the request parameters in a POST. ...&SessionId=388292382hfgd223223923gf&...

Since the service behind the LB does not set or use cookies on the response unless the cookies are passed in what will happen for the case where there is no cookie on the Response? Will that cause no persistence for the POST case?

~~The client using POST has tried to add the SessionId cookie into the headers using Set-Cookie: and I can see it in the headers but there does not seem to be consistent (if any) persistence~~

stephent_88282 · ‎07-Aug-2012

After some more looking around I'm thinking this will get the job done. Not certain on all the syntax. Any suggestions would be welcome.

rule http_persist_rl2 {

when HTTP_REQUEST {

check for SessionId Cookie

set session ""

if { [HTTP::cookie exists "SessionId"] } {

if { [HTTP::cookie "SessionId"] != ""} {

set session [HTTP::cookie "SessionId"]

}

check for Set-Cookie header with SessionId

else if {[HTTP::header count "Set-cookie" ] > 0 } {

set all_set_cookies [HTTP::header "Set-cookie" ]

foreach one_set_cookie $all_set_cookies {

if { $one_set_cookie contains "SessionId" } {

set session [ findstr($one_set_cookie,"SessionId=",10,';') ]

}

check for SessionId in the body if the method is POST

else if {http_method == "POST" and findstr(http_content,"SessionId=",10,'&') != ""} {

set session [findstr(http_content,"SessionId=",10,'&')]

}

if { $session != "" } {

LB:detach

persist uie [ $session ]

}

when HTTP_RESPONSE {

set session ""

check for SessionId Cookie

if { [HTTP::cookie exists "SessionId"] } {

if { [HTTP::cookie "SessionId"] != "" } {

set session [HTTP::cookie "SessionId"]

}

check for Set-Cookie header with SessionId

else if {[HTTP::header count "Set-cookie" ] > 0 } {

set all_set_cookies [HTTP::header "Set-cookie" ]

foreach one_set_cookie $all_set_cookies {

if { $one_set_cookie contains "SessionId" } {

set session [ findstr($one_set_cookie,"SessionId=",10,';') ]

}

check for SessionId in the body

XML response id

else if { findstr(http_content,"SessionId>",9,'<') != "" } {

set session [findstr(http_content,"SessionId>",9,'<')]

}

if { $session != "" } {

persist add uie [ $session ]

}

Michael_Yates · ‎07-Aug-2012

Hi stephent,

You may want to take a look at this example. It is very similar in purpose and much simpler in application:

ASP Session ID Persistence

DevCentral

newbie persistence question cookie and/or message body

MFA required on DevCentral