Forum Discussion

Ronnie110755's avatar
Ronnie110755
Icon for Altostratus rankAltostratus
Jan 24, 2023
Solved

Traffic Policies: More detailed information on Actions

I am in a situation where I need to employ Session Persistence via cookie insert method in a traffic policy rule.

I understand the cookie insert session persistence , that's not a problem but there are some action 'fields' that I want to be sure I am interpreting them correctly.  

'named' is not a problem, but 'for' ?? I am not sure how to interpret that and 'request'? Request seems pretty obvious even though it might seem to conflict with the cookie insert documentation which indicates the response form the server is when the cookie gets inserted. Plus there are other options under 'time'. i.e. 

I went looking around for documentation that would go into some more specific detail on this and all the other options throughout this part of Traffic Polices and couldn't find anything real informative. 

I don't like to be in the position where I am guessing when I should really be knowing how the options are designed to act. 

This little blurb from 'Introduction to Traffic Policies' really did not explain anything to the level that I am curious about:

So, if anyone can shed some light on the specific items I am curious about  - OR - knows where the 'GOOD' documentation could be found, please, contribute.

Thanks!!!!

rjc

 

 

 

 

  • Paulius's avatar
    Paulius
    Jan 24, 2023

    Ronnie110755 I would say your assumptions are probably a good guess because that's how all other cookie insert works on the F5, or at least the ones that I have used. You should be able to test this fairly easy though by configuring the traffic policy with the defaults and then access the site to see what it returns in the response cookie. I believe the cookie insert does indeed work at the VS level because you have to associate the policy to the VS that you want to use the configured policy. From my understanding you have 3 ways to insert a cookie for cookie persistence. The first is through and HTTP profile, an iRule, and the method you are using which is local traffic policy. As far as when the cookie is inserted that is dependent on what you choose for that last field in the traffic policy. I know my method probably isn't the best method of discovery but sometimes when documentation is limited you do what you have to so you can figure it out. Thank you for the appreciation on that approach but always remember to not do this on a critical VS and try it on something that doesn't matter or configure a new VS for testing only which I always recommend.

  • John_Alam's avatar
    John_Alam
    Jan 24, 2023

    The BIGipserver cookie is inserted by the persistence profile attached at the virtual server level.  If you don't want that, you can remove the profile.   You can then create your own cookie name using policy or irule.

    Cookies inserted by the server in the HTTP Response are not really cookies, they are "Set-Cookie" headers that instruct the browser to form a cookie and send it back in the next resquest.  It is iimportant to highlight the difference.

    A policy or an iRule on the BIGIP virtual server can insert either a real cookie into the request or a "Set-Cookie" header into the response.  In the request it would be simulating browser returning a cookie.  In the response it would be simulating server Setting a cookie.

    HTH

     

  • John_Alam's avatar
    John_Alam
    Jan 24, 2023

    Thanks for pointing that out.  We will pass this along to the UI and documentation people.

7 Replies

  • Ronnie110755 The for box allows you to set the expiration time of the cookie in the formatting [Nd][HH:MM[:SS]] and I do not have documentation on this but it was retrieved from me typing in giberish into that box and the error provided me what that field is for and the formatting for the expiration of the cookie.

    • Ronnie110755's avatar
      Ronnie110755
      Icon for Altostratus rankAltostratus

      Thank You Paullus!

      Interesting method of discovery. I like it. Now this leads to more questions i.e. I guess it would be an option to leave the named and for fields blank, One would supply a value for the name if the organization does not want to use the default BIGipServer cookie? And not supply a for Value if one would want to expire the cookie/'close the session' when the browser closes?  A yes answer for both seems reasonable. 

      A question also just came to mind. Using a Traffic Policy with a large number of rules doing uri path routing to destination pools.  Could cookie insert method for session persistence be set at the virtual server level. This also seems reasonable since the cookie is set on  the response from the server.

      • John_Alam's avatar
        John_Alam
        Icon for Employee rankEmployee

        The BIGipserver cookie is inserted by the persistence profile attached at the virtual server level.  If you don't want that, you can remove the profile.   You can then create your own cookie name using policy or irule.

        Cookies inserted by the server in the HTTP Response are not really cookies, they are "Set-Cookie" headers that instruct the browser to form a cookie and send it back in the next resquest.  It is iimportant to highlight the difference.

        A policy or an iRule on the BIGIP virtual server can insert either a real cookie into the request or a "Set-Cookie" header into the response.  In the request it would be simulating browser returning a cookie.  In the response it would be simulating server Setting a cookie.

        HTH