cookie persistence
36 TopicsCookie Persistence configured on VS but no logs
Good day all, I have default cookie persistence profile configured on my VS (Virtual Server > Load Balancing > Default Persistence Profile: cookie) and I've enabled the system to be able to view in the GUI (#tmsh modify sys db ui.statistics.modulestatistics.localtraffic.persistencerecords value true). The issue is that I see no logs in tmsh (#tmsh show /ltm persistence persist-records) or in the GUI (Module Statistics > Local Traffic > Persistence Records) and I have active sessions to the VS. I feel I should see something. Thoughts? As always, I look forward to your input and it is greatly appreciated. Thank you. Sincerely, Paul C.82Views0likes7CommentsiRule - Fallback Persistence
Hi - I'm trying to create an iRule for the Persistence Profile of one of my applications. The preferred method is to use cookie - the application actually injects a cookie in the HTTP RESPONSE and the F5 looks for this cookie in both the HTTP RESPONSE and HTTP REQUEST to do persistence, identical to how JSESSIONID works. However in the event that the client has configured their browser to reject / disable cookies, the expectation is that we persist based on their source IP, however as they come in to our data centre via Akamai, we actually need to extract their IP from the X-Forwarded-For header. What I came up for this was: when HTTP_REQUEST { if { [HTTP::cookie exists "App_SessionId"] } { persist uie [HTTP::cookie "App_SessionId"] 1800 } else if {[HTTP::header X-Forwarded-For] != ""} { persist uie [lindex [ split [lindex [HTTP::header values X-Forwarded-For] 0] "," ] 0] 1800 } else { persist uie [IP::client_addr] 1800 } } when HTTP_RESPONSE { if { [HTTP::cookie exists "App_SessionId"] } { persist add uie [HTTP::cookie "App_SessionId"] 1800 } } I haven't had the chance to test this but reviewing the logic I see that we may have a problem with the first request cominf from the user's browser. When a user first lands on the website, the HTTP_REQUEST from their browser will not have the App_SessionId cookie and this causes the LTM to add a persistence record based on the X-Forwarded-For header, or add a persistence record based on the user's source IP address. When the request makes it to the server and the server responds ( HTTP_RESPONSE ), that response will have a App_SessionId cookie, and the LTM adds another persistence record based on this cookie. Then the subsequent HTTP_REQUEST from the users browser will have the App_SessionId cookie, and this will now match the if { [HTTP::cookie exists "App_SessionId"] } section of the iRule and they will be persisted to the same server that inserted the cookie. This is good but there's the loose end which is the initial persistence record based on the X-Forwarded-For header that's lingering. Would this lingering persistence record based on the X-Forwarded-For header cause a conflict with the persistence record based on the App_SessionId cookie? How do I clean up this loose end? On the flip side, if the user had configured their browser to reject cookies, the persistence record based on the X-Forwarded-For header is vital to maintain session consistency. But now we have the loose end of the persist add uie [HTTP::cookie "App_SessionId"] 3600 in the HTTP_RESPONSE .386Views0likes0CommentsWebLogic universal persistance - multiple (JSESSIONID) cookie names
Hello experts, we have a customer which uses a Java Web-Application hosted on WebLogic middleware. In the past this was quite simple, we used this iRule for managing the universal persistance: when HTTP_REQUEST { if { [HTTP::cookie "JSESSIONID"] ne "" }{ persist uie [string tolower [HTTP::cookie "JSESSIONID"]] 300 } else { set jsess [findstr [string tolower [HTTP::path]] "jsessionid=" 11] if { $jsess != "" } { persist uie $jsess 300 } } } when HTTP_RESPONSE { if { [HTTP::cookie "JSESSIONID"] ne "" }{ persist add uie [string tolower [HTTP::cookie "JSESSIONID"]] 300 } } This worked ever fine. But now the customer has multiple Java Web-Applications configured in WebLogic, each of them uses seperate Cookie names. So JSESSIONID (as before), but also new SESSIONIDA, JSESSIONIDB and JSESSIONIDC. All must be served over one Loadbalancer virtual server, we we have to manage the complexity in the iRule on the F5. Note: We can use the same selected node node for one client, but also seperate per Cookie name, so per application to another selected node in the Backend - this is not relevant. This is what I think it should work, but it doesn't. Please don't blame me regarding efficiency, I know it is worse. (But am no iRule expert.) Pure funcionality is Prio-1 for us. when HTTP_REQUEST { if { [HTTP::cookie "JSESSIONID"] ne "" } { persist uie [string tolower [HTTP::cookie "JSESSIONID"]] 300 } elseif { [HTTP::cookie "JSESSIONIDA"] ne "" } { persist uie [string tolower [HTTP::cookie "JSESSIONIDA"]] 300 } elseif { [HTTP::cookie "JSESSIONIDB"] ne "" } { persist uie [string tolower [HTTP::cookie "JSESSIONIDB"]] 300 } elseif { [HTTP::cookie "JSESSIONIDC"] ne "" } { persist uie [string tolower [HTTP::cookie "JSESSIONIDC"]] 300 } else { set jsess [findstr [string tolower [HTTP::path]] "jsessionid=" 11] if { $jsess != "" } {persist uie $jsess 300 } else { set jsess [findstr [string tolower [HTTP::path]] "jsessionida=" 11] if { $jsess != "" } { persist uie $jsess 300 } else { set jsess [findstr [string tolower [HTTP::path]] "jsessionidb" 11] if { $jsess != "" } { persist uie $jsess 300 } else { set jsess [findstr [string tolower [HTTP::path]] "jsessionidc" 11] if { $jsess != "" } { persist uie $jsess 300 } } } } } } when HTTP_RESPONSE { if { [HTTP::cookie "JSESSIONID"] ne "" }{ persist add uie [string tolower [HTTP::cookie "JSESSIONID"]] 300 } if { [HTTP::cookie "JSESSIONIDA"] ne "" }{ persist add uie [string tolower [HTTP::cookie "JSESSIONIDA"]] 300 } if { [HTTP::cookie "JSESSIONIDB"] ne "" }{ persist add uie [string tolower [HTTP::cookie "JSESSIONIDB"]] 300 } if { [HTTP::cookie "JSESSIONIDC"] ne "" }{ persist add uie [string tolower [HTTP::cookie "JSESSIONIDC"]] 300 } } I would like to thank you in advance for any hint on my problem here...376Views0likes1Commentpersist profile with irule
Hi, I have a virtual server and more than 2 pool. I want to use persistence profile based on pool. I have written irule shown below. Are there any mistakes or advice? when HTTP_REQUEST { switch -glob [string tolower [HTTP::uri]] { "/abc*" { pool abc_pool persist source_addr } "/xyz*" { pool pool_xyz persist cookie } "/def*" { pool pool_def persist dest_addr } } }238Views0likes2CommentsCookie persist Fail with One Virtual server but have many pool (different member too)
Hi I have issue with persistence cookie. My environment is I have one Virtual server and this virtual server (domain) have many Application in different server. So we choosing pool via irule like this. When HTTP_request { (don't mind syntax) if [http_uri == abc] { pool abc} pool abc have server CC,DD else if [http_uri == dfg ] {pool dfg} Pool dfg have server XX,YY else pool default { pool default} pool default have server AA,BB } Example: when Client access www.domain.com , he will go to pool default and have cookie for AA or BB. But when client click link on that page to access www.domain.com/abc , he will go to pool abc, but now cookie information will change to Server CC/DD. And this problem will make client lose session with www.domain.com (he also lose session with www.domain.com/abc if he redirect or access other page because cookie information changed) How Can I fix this? like store cookie for each pool (client have cookie_default for pool default and cookie_abc for pool abc so when he access www.domain.com and www.domain.com/abc , he won't lose session) Thank you270Views0likes3CommentsIrule for Cookie persistence on pool
HI all, I have written an Irule as follow: Select different persistence methods by HTTP URI when HTTP_REQUEST { Check the requested URI switch -glob [HTTP::uri] { "/cares/" - "/fraud/" - "/submit/*" - "/exchange/" - "/webauth/" { Request was for an Sticky URI so select the pool and unset persistence persist cookie insert CSWEB-STICK pool CSWEB-STICK } default { Request was for an NON sticky URI so select the pool and persist with default persistance profile persist none pool CSWEB-NSTICK } } } The problem is that on the selection of the pool that should stick with a cookie persistence, it is not working. In the logs I see the following Mar 4 10:55:23 ASH1-PROD3900-01 info tmm[11443]: Rule /Common/Persistence-logger : Request from client: 172.21.81.144:57111 contains no persistence cookie on vip /Common/CSWEB-PERSISTENCE-TEST; request was assigned to pool /Common/CSWEB-NSTICK and member 10.10.97.27:443 Mar 4 10:55:32 ASH1-PROD3900-01 info tmm[11443]: Rule /Common/Persistence-logger : Request from client: 172.21.81.144:57111 contains no persistence cookie on vip /Common/CSWEB-PERSISTENCE-TEST; request was assigned to pool /Common/CSWEB-NSTICK and member 10.12.34.107:443 Mar 4 10:55:32 ASH1-PROD3900-01 info tmm[11443]: Rule /Common/Persistence-logger : Request from client: 172.21.81.144:57111 contains no persistence cookie on vip /Common/CSWEB-PERSISTENCE-TEST; request was assigned to pool /Common/CSWEB-NSTICK and member 10.12.34.108:443 AS you can see the connections bounces from one node to the other since it cannot find a "cookie" . It is assigning the default pool which has a persist none before calling it. Is there something i might be doing wrong? it looks like the F5 is NOT inserting the cookie properly or at all... any help is appreciated315Views0likes1CommentLoad Balancing to Only One Pool Member
I have an issue where all traffic in a pool is going to the fifth of 5 pool members. We are using cookie persistence and I know there can be issues with that. We are also using both an http and OneConnect profile. From the sols and DC articles I've read it seems like the problem will arise if you do NOT have a oneconnect profile assigned. I have tried pulling http/oneconnect/tcp profiles on and off, using default profiles. The only thing I haven't tried is falling back to source address persistence. That is a last resort I do not want to use. Due to the application architecture source address persistence will definitely result in uneven load. All the "custom" profiles are built from an F5 guide for the application (Epic HyperSpace Web; Link to Guide). That being said this config seems pretty straight forward, but any help would be very much appreciated. We have captured traffic and seen the cookies present in the sessions. Below is the config. ltm virtual /PARTITION/v_80 { destination /PARTITION/10.10.1.1:80 ip-protocol tcp mask 255.255.255.255 persist { /PARTITION/Custom-cookie { default yes } } pool /PARTITION/pool_80 profiles { /PARTITION/Custom-OneConnect { } /PARTITION/Custom-http { } /PARTITION/Custom-lan-optimized { } } source 0.0.0.0/0 source-address-translation { type automap } translate-address enabled translate-port enabled } ltm pool /PARTITION/Pool_80 { description "HTTP Pool" load-balancing-mode least-connections-member members { /PARTITION/001:80 { address 10.1.1.1 } /PARTITION/002:80 { address 10.1.1.2 } /PARTITION/003:80 { address 10.1.1.3 } /PARTITION/004:80 { address 10.1.1.4 } /PARTITION/005:80 { address 10.1.1.5 } } monitor /Common/http_head_f5 service-down-action reselect } Only change to custom oneconnect profile is mask is 255.255.255.255. Only change to tcp-lan-optimized profile is the idle timeout is set to 1200s. Only change to http profile is that 'Redirect Rewrite' is set to Matching. Custom cookie persistence uses default settings.1.6KViews0likes41CommentsTimeouts on cookie persistence profiles on LTM 10.2.1
Running LTM 3900, software 10.2.1. If I create a persistence cookie from the GUI, the config stanza for it looks like this: profile persist mytest { defaults from cookie mode cookie cookie mode insert cookie name "OHHAI-IAMYOURCOOKIE" cookie expiration immediate override connection limit disable } I don't see a way to specify or modify the timeout from the GUI. If I change the timeout using tmsh, I see the change in my text config but there's no change in the GUI config display. profile persist mytest { defaults from cookie mode cookie timeout 180 cookie mode insert cookie name "OHHAI-IAMYOURCOOKIE" cookie expiration immediate override connection limit disable } Is this a tmsh-only configuration option? There also doesn't seem to be a way to remove the explicit timeout from the profile config. If I try to remove it using tmsh, I get an error message 'Syntax Error: "timeout" read-only property'. Is there a way to do this?304Views0likes1Commentcookie persistence issue with two BiG-ip
Dear : we have issue withcookie persistence not working if the server connect to inside LTM but if server connect to outside LTM cookie persistence working client traffic From 1 to 10 Outside VS Source Address Translation : Auto Map inside VS withcookie persistence Source Address Translation : Auto Map no Cookie onclient browser forpersistence Br1.3KViews0likes6Comments