clientless-mode, session-cookie and policy re-evaluation

Nimbostratus

Sep 30, 2015

Hi Stan,

This is what i have done to get around the issues you mentioned above. It works, but i don't know if its the most efficient way to do it or if it can be improved. I can come back into the same access session by presenting a cookie (this is how i execute the OTP verification)

when HTTP_REQUEST { HTTP::header insert "clientless-mode" 1

set otp_generated [ACCESS::session data get "session.otp.assigned.val"]
set otp_to_verify [HTTP::header otp]
set otp_status "failed"

if { ($otp_to_verify) equals ($otp_generated) }
   { set otp_status "success" }

if { ([HTTP::header otpmode] equals "generate") }{}

if { ([HTTP::header otpmode] equals "verify") }
   { HTTP::respond 200 otp_status $otp_status Connection Close }

}

when ACCESS_SESSION_STARTED { ACCESS::session data set "session.custom.otpmode" [string trim [HTTP::header otpmode]] }

when ACCESS_POLICY_COMPLETED { ACCESS::respond 200 OTP [ACCESS::session data get "session.otp.assigned.val"] SID [ACCESS::session data get "session.user.sessionid"] Connection Close } }

Forum Discussion

clientless-mode, session-cookie and policy re-evaluation

Recent Discussions

Disk space full - what files, folders are safe to delete?

ASM instance creation

BIG-IP DNS: Check Status Of Multiple Monitors Against Pool Member

Open Redirection Mitigation

F5Access | MacOS Sonoma

Related Content

Sessions and Cookies and Persistence, oh my!

APM (& LTM) Session & Cookie Information - Chrome Extension

Request Logging - Session Cookie only

Multiple Cookies/Sessions same endpoint

Sliding session for "FedAuth" Persistent cookie delivered by ADFS