Forum Discussion

Nimbostratus

Dec 10, 2018

[ACCESS::user getsid key]

Hi, With reference to the documentation for Access::user ACCESS::user getsid Returns the list of created external SIDs which is associated with the specified key I am wondering: what th...

Nimbostratus

Dec 11, 2018

It seems that if man could catch a hold of the right key, man could retrieve the APM session cookie for another APM session

¬†

set apm_cookie_list [ACCESS::user getsid $the_guessed_user_key]
set apm_cookie [ACCESS::user getkey [lindex $apm_cookie_list 0]]

it will be really appreciated if F5 experts could explain in details on how the external SIDs are associated with such a key and what is the name convention or requirements for that key and who comes out with such a key? Should the key contain something closely related with that concerned session, such as hashed password? How does F5 internally avoid collision for those keys across APM sessions? is it the internal session variable session.user.uuid that holds the value for the specified key?

¬†

@Kevin Stewart could you please shed the light on it?

¬†

Forum Discussion

[ACCESS::user getsid key]

Recent Discussions

Enterprise Security best practices with F5 WAF

Disk space full - what files, folders are safe to delete?

ASM instance creation

BIG-IP DNS: Check Status Of Multiple Monitors Against Pool Member

Open Redirection Mitigation

Related Content

User access to servers

NGINXaaS for Azure: Azure Key Vault

SSL length key

Securing SSL Keys on your BIG-IP

Create a User Lockout Policy with Access Policy Manager