Maximum length/legal characters for JSESSIONID cookie
My setup is using JSESSIONID persistence to load-balance a weblogic application, and the JSESSIONID values they send to the client are quite convoluted: JSESSIONID=4k97S6kYZcX0LpD5tLLSC54yy9y2fzrtzbR90R6Qd31hGY7QQm2L!916453517 Is that length in bounds of what would work with the following persistence iRule? My version is 9.4.4: when HTTP_RESPONSE { if { [HTTP::cookie exists "JSESSIONID"] } { persist add uie [HTTP::cookie "JSESSIONID"] } } when HTTP_REQUEST { if { [HTTP::cookie exists "JSESSIONID"] } { persist uie [HTTP::cookie "JSESSIONID"] } } Thanks.
WebLogic universal persistance - multiple (JSESSIONID) cookie names
Hello experts, we have a customer which uses a Java Web-Application hosted on WebLogic middleware. In the past this was quite simple, we used this iRule for managing the universal persistance: when HTTP_REQUEST { if { [HTTP::cookie "JSESSIONID"] ne "" }{ persist uie [string tolower [HTTP::cookie "JSESSIONID"]] 300 } else { set jsess [findstr [string tolower [HTTP::path]] "jsessionid=" 11] if { $jsess != "" } { persist uie $jsess 300 } } } when HTTP_RESPONSE { if { [HTTP::cookie "JSESSIONID"] ne "" }{ persist add uie [string tolower [HTTP::cookie "JSESSIONID"]] 300 } } This worked ever fine. But now the customer has multiple Java Web-Applications configured in WebLogic, each of them uses seperate Cookie names. So JSESSIONID (as before), but also new SESSIONIDA, JSESSIONIDB and JSESSIONIDC. All must be served over one Loadbalancer virtual server, we we have to manage the complexity in the iRule on the F5. Note: We can use the same selected node node for one client, but also seperate per Cookie name, so per application to another selected node in the Backend - this is not relevant. This is what I think it should work, but it doesn't. Please don't blame me regarding efficiency, I know it is worse. (But am no iRule expert.) Pure funcionality is Prio-1 for us. when HTTP_REQUEST { if { [HTTP::cookie "JSESSIONID"] ne "" } { persist uie [string tolower [HTTP::cookie "JSESSIONID"]] 300 } elseif { [HTTP::cookie "JSESSIONIDA"] ne "" } { persist uie [string tolower [HTTP::cookie "JSESSIONIDA"]] 300 } elseif { [HTTP::cookie "JSESSIONIDB"] ne "" } { persist uie [string tolower [HTTP::cookie "JSESSIONIDB"]] 300 } elseif { [HTTP::cookie "JSESSIONIDC"] ne "" } { persist uie [string tolower [HTTP::cookie "JSESSIONIDC"]] 300 } else { set jsess [findstr [string tolower [HTTP::path]] "jsessionid=" 11] if { $jsess != "" } {persist uie $jsess 300 } else { set jsess [findstr [string tolower [HTTP::path]] "jsessionida=" 11] if { $jsess != "" } { persist uie $jsess 300 } else { set jsess [findstr [string tolower [HTTP::path]] "jsessionidb" 11] if { $jsess != "" } { persist uie $jsess 300 } else { set jsess [findstr [string tolower [HTTP::path]] "jsessionidc" 11] if { $jsess != "" } { persist uie $jsess 300 } } } } } } when HTTP_RESPONSE { if { [HTTP::cookie "JSESSIONID"] ne "" }{ persist add uie [string tolower [HTTP::cookie "JSESSIONID"]] 300 } if { [HTTP::cookie "JSESSIONIDA"] ne "" }{ persist add uie [string tolower [HTTP::cookie "JSESSIONIDA"]] 300 } if { [HTTP::cookie "JSESSIONIDB"] ne "" }{ persist add uie [string tolower [HTTP::cookie "JSESSIONIDB"]] 300 } if { [HTTP::cookie "JSESSIONIDC"] ne "" }{ persist add uie [string tolower [HTTP::cookie "JSESSIONIDC"]] 300 } } I would like to thank you in advance for any hint on my problem here...Multiple jsessionid cookies on VS
Hi all, We are in the process of replacing our IBM webseal by F5. Basically we have multiple Websphere containers behind our F5 with APM. We use one landing VS where we check uri, ACL, some custom logic in irule and then forward the client accrdingly. If all is OK we will send them to the correct vs. Current setup is: client > F5 > VS-to-cherry-pick-APM-enabled > VS > node-1 (websphere) [jsessionid-1] > VS > node-2 (websphere) [jsessionid-2] > VS > node-n (websphere) [jsessionid-n] All these containers rely on their own JSESSIONID cookie for session management. In order to differentiate these cookies between the containers the webseal uses a cookiejar. With this it can differentiate the inserted cookie based on container selected (see square brackets in example above). Is there a similar technology available on F5 or is this something that should be coded in an irule? Thanks in advance, Joren
iRule with JSESSIONID including the server id with jvmRoute
Dears, unfortunately I did not find a fitting post to my problem: We have two or more servers they creating a JSESSIONID where the id of the server is added on the end like so: 7B0DE3926CF23C27DFF9C80BE604B009.serverID0 5C38A6262816E6E3A6BBB0B3ABB42D3A.serverID1 (we are using the-DjvmRoute=... on the tomcat) Is it possible, that every JSESSIONID with the ending serverID0 is always routing to server 0 and serverID1 to server 1? The rootcause is, that if the routing switches for a user, they logged in 3 days before, they has to loggin again, although there is a valid security context on tomcat available on the "right" server...
JSessionID Expiration
Hi, We have this issue on an application that was upgraded on the basic cookie to java based application. We then create basic IRule below. when HTTP_REQUEST { if { [HTTP::cookie "JSESSIONID"] ne "" }{ persist uie [string tolower [HTTP::cookie "JSESSIONID"]] 1800 } } when HTTP_RESPONSE { if { [HTTP::cookie "JSESSIONID"] ne "" }{ persist add uie [string tolower [HTTP::cookie "JSESSIONID"]] 1800 } } As far I know that this will only flush persistency record on the set timeout (1800) correct? Upon testing, if the browser will not be closed let say within 24hrs, JSessionID is intact and still login on the server. As per the application, they cant modify to have the idle timeout on the JSessionID and asking it to work on the LTM loadbalancer it self. Any recommendation please? thanks!
APM swallowing JSESSIONID cookie; workaround possible by copying cookie to return stream?
Hi, all - we have a layer 7 VIP secured with an APM policy. The VIP proxies to a Tomcat server, which returns a JSESSIONID cookie after user logon. Sporadically, the F5 does not return the JSESSIONID to the client; it will be working fine for a a few days, then it will kick into a mode where users logon but don't have a Tomcat session tracked to their logon, because they simply don't have a JSESSIONID cookie anymore to send with their next request. This is similar to what was noted by Davo T, here: https://devcentral.f5.com/questions/apm-sso-config-using-kerberos-to-weblogic-backend-not-supplying-session-id-cookie-on-post-authentication-requests I'm working this as a case with F5 - but while it's being worked, is there a reliable way to script an explicit copying of the JSESSIONID cookie from the returned stream from the real server, before APM gets its hands on it, then insert it into the reply after APM is done processing? What events would I reference in an iRule to accomplish that? I'm not super familiar with the APM-related event lifecycle, and how it expresses itself in iRules. In case it matters, the policy in question does the following: - presents a login page, obtains userid, RSA PIN/Code - RADIUS auths against an RSA server - checks a RADIUS filter-id attribute value - checks the URL against an ACL Thank you!Rewrite and Jboss with Jsessionid
Hi, I need some help how can I do what is in apache: Apache as load balancer (so below a node, but the f5 using two nodes) Jboss is the node server VirtualHost *:80 ServerAdmin admin@dest.com ServerName sistema.dest.com ProxyPass /sistema/ http://10.0.0.2:8080/sistema/ ProxyPass / http://10.0.0.2:8080/sistema/ ProxyPassReverse / http://10.0.0.2:8080/ Options -Indexes To rewrite using F5 or proxypass profile. I made some attempts using these links: https://devcentral.f5.com/wiki/iRules.proxypassv10.ashx http://support.f5.com/kb/en-us/products/big-ip_ltm/manuals/product/ltm-implementations-11-4-0/21.html But with jsessionid in a Jboss environment: https://devcentral.f5.com/wiki/iRules.Weblogic_JSessionID_Persistence.ashx Does not work with the rewrite Balancing Jboss error "/pages/login.xhtml;jsessionid=IcTjndaodTDnTntpnKrn.undefined"
How LTM attaches information about node to JSessionsID ?
Hi all, I'd like to ask whether you could explain me how LTM attaches information about node to JSessionsID used in cookie. Introduction: we have pool SRV_POOL: -SRV1 10.10.10.1 -SRV2 10.10.10.2 -SRV3 10.10.10.3 (new) system creates cookies with JSessionID ISSUE: Recently we've added additional node to our pool. Issue occurs when request goes to last node and we get: C73AA9C0CC0F1045667015AF8F281AD4.node1 instead of node3 Logs: Rule /Common/Node3Log : 10.7.255.251:16966: Used persistence record from cookie. Existing key? /Common/SRV_POOL 10.10.10.3 8080 Rule /Common/Node3Log : 10.7.255.251:16965: Request to .../soria/images/tooltipConnectorRight.gif with cookie: C73AA9C0CC0F1045667015AF8F281AD4.node1 Question: Would you please explain me how LTM assignes nodes' information to JSession? Thank you in advance, Mateusz