CirrostratusIs "ACCESS::session remove" an asynchronous iRule command?
Looks like another engineer I work with may have found the answer. The command is behaving differently than when I used it in the past (versions 12 and below) but not necessarily because it's asynchronous. It looks more likely that it's simply failing to process in a timely fashion due to this Bug ID. I am calling it in the HTTP_REQUEST event, which is outside the ACCESS events, and my version is 13, which is affected. So it looks like I meet the criteria to hit the bug.
I've decided to try to work around this by simply deleting the user's MRHSession cookie (this is the name of APM's session cookie) during the next HTTP response, which has the effect of killing off their access to the session, while allowing them to keep browsing to unprotected areas of the site. Hopefully this information and the workaround will be of use to others who may run into this bug.
Bug ID 697590: APM iRule ACCESS::session remove fails outside of Access events
Known Affected Versions:
13.0.0, 13.0.0 HF1, 13.0.0 HF2, 13.0.0 HF3, 13.0.1, 13.1.0, 13.1.0.1, 13.1.0.2, 13.1.0.3, 13.1.0.4, 13.1.0.5, 13.1.0.6, 13.1.0.7, 13.1.0.8, 13.1.1, 13.1.1.1, 13.1.1.2, 13.1.1.3, 13.1.1.4, 13.1.1.5, 14.1.0, 14.1.0.1, 14.1.0.2, 14.1.0.3, 14.1.0.4, 14.1.0.5, 15.0.0
Opened: Dec 05, 2017
Severity: 3-Major
Symptoms
ACCESS::session remove fails
Impact
APM iRule ACCESS::session remove fails to remove session
Conditions
iRule calling ACCESS::session remove outside of Access events.
Workaround
Use "ACCESS::session modify" and set the timeout/lifetime to something small, like 1 second. This should cause the session to be deleted due to timeout almost immediately, but note that it will show up in logs as timeout.
Fix Information
None
