Help
Technical Forum
Ask questions. Discover Answers.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Technical Forum Quicklinks: No Replies | Active-Not Solved | Recent Solutions
Custom Alert Banner

F5 AppWorld 2024 session proposal deadline extended to Friday, December 8th!

session persistence irule for websphere

bushki_292100
Nimbostratus
Nimbostratus

‎24-Jul-2018 08:07

hi all

 

i currently have 2 ibm websphere servers (not part of a websphere cluster) that host the same application. The F5 pool contains both servers and i have an irule which i took from the following guide: https://www.f5.com/pdf/deployment-guides/ibm-websphere-8-dg.pdf

 

the rule i used is:

 

when CLIENT_ACCEPTED { set add_persist 1 } when HTTP_RESPONSE { if { [HTTP::cookie exists "JSESSIONID"] and $add_persist } { persist add uie [HTTP::cookie "JSESSIONID"] set add_persist 0 } } when HTTP_REQUEST { if { [HTTP::cookie exists "JSESSIONID"] } { persist uie [HTTP::cookie "JSESSIONID"] } else { set jsess [findstr [HTTP::uri] "jsessionid" 11 ";"] if { $jsess != "" } { persist uie $jsess } } }

 

from my understanding, this should use the JSESSIONID which websphere hands out to persist users to the node they originally connected to. This seems to work generally. However i have had reports throughout the business that the users get kicked out of the application and have to log in again, this sometimes happens as frequently as 10 mins. The website is configured with SSO using kerberos/spnego and i have checked all websphere config which supports that the session timeout is 150 mins (and that should be idle).

 

after troubleshooting, what i am finding is that randomly the JSESSIONID changes, which obviously results in the users being directed to the pool member based on the LB method (round robin in this case). So my assumption is that they are being directed to the server they weren't logged into both and thus have to sign in. I can only think 1 of 2 things are happening:

 

  • the jessionid is timing out and thus is no longer valid and the LB is then directing the user to a different node and they get another server....this would be an issue with websphere
  • the LB is deciding that the persistence is no longer valid and sends the user to a different server which then gives the user a different jsessionid

i am really struggling to figure out whats going on here. is there anyone who can recommend anything else i can check or a better way to troubleshoot? such as checking irule hits and whether or not the irule sees it as a pass/fail?

 

Labels:
0 Kudos
1 REPLY 1

stridentovercoat
Nimbostratus
Nimbostratus

‎06-Nov-2023 10:39

Did you manage to find a solution to this? Running into the same exact issue right now.

0 Kudos
Copyright © 2023 Khoros, LLC