Forum Discussion
Terrence
May 30, 2012Nimbostratus
Point2
Thus far the rules have proven wrong. The last one definately removes the session, however the web client never realizes it has timed out, as the requests were from json or xmlrpc of some sort.
I stole this one from https://devcentral.f5.com/Tutorials/TechTips/tabid/63/articleType/ArticleView/articleId/1086502/APM-Session-Invalidation-Using-ASM.aspx
Removing the asm piece and adding the HTTP_RESPONSE piece
when ACCESS_ACL_ALLOWED {
set mrhsession [HTTP::cookie value "LastMRH_Session"]
if { [table lookup $mrhsession] == "EXCHANGE_LOGOUT" } {
set user_logon [ACCESS::session data get "session.logon.last.username"]
set sessionid [ACCESS::session data get "session.user.sessionid"]
log local0.warn "ASM VIOLATION - Session: $sessionid, User: $user_logon"
ACCESS::session remove
table delete $mrhsession
}
}
when HTTP_RESPONSE {
if { [HTTP::status] == 440 } {
set mrhsession [HTTP::cookie value "LastMRH_Session"]
if { $mrhsession != ""} {
table set $mrhsession "EXCHANGE_LOGOUT"
log local0.warn "OWA Exchange Initiated Timeout - MRHSession: $mrhsession"
}
}
}