Forum Discussion

Jason_L_40779's avatar
Icon for Nimbostratus rankNimbostratus
May 04, 2011

session cookie persistence question

Hi Guys,



Thanks for all your help on this forum. As a newbie I really appreciate all the help. I have another question regarding session cookies. I'm load balancing OWA using a session cookie for persistence. Pretty basic... Sometimes when I log into the OWA front end page and click login, It kicks me back to the login screen. I started doing some digging and it seems the times it has done it, I didn't see the session cookie in my browser. I'm wondering if there is something going on with my browser on my machine, or is it possible the F5 LTM would have a sporadic issue like that. These are new 6900's running 10.2.0 1755,



I would think, it would work or not work. Just wondering if anyone has seen something like this before. Could it be on of the back end servers causing it also. I'm not sure..





6 Replies

  • Hi Jayson,


    Are you using a cookie insert persistence profile with the expire time set to 0 (session)? If so, the client should send the cookie on each request as long as the browser is kept open. One common issue with layer 7 based persistence is that you need to apply a OneConnect profile to the virtual server. This ensures that LTM will make a load balancing/persistence decision on each HTTP request. If you're using serverside source address translation (SNAT), you can use the default OneConnect profile with a /0 source mask. If you're not using SNAT, then create a custom OneConnect profile with the source mask set to /32. See this wiki page for details:



    If you're already using OneConnect or adding a OneConnect profile to the virtual server doesn't fix the issue, can you try reproducing the issue with a browser plugin like Fiddler2 or HttpWatch to see what the client is sending? You can also use an iRule to log debug messages on the persistence and load balancing decisions:





  • Hi Hoolio,



    I'm using a basic session cookie with a one-connect profile and a snat automap. It seems to be rock solid now. The way I was testing it was opening multiple browser windows deleting temp files etc trying to break it. The user is not going to do that.







  • Thanks again for the input. I guess I didn't answer the question thoroughly last time. I'm using a standard oneconnect profile with an http compression profile with oneconnect enabled. The cookie persistence is a default insert with a session cookie. That seems to be the easiest way to persist on the 2 CAS servers i'm load balancing for OWA. I've tested this an it appears to work well. One thing to mention, there is a proxy on the edge terminating the user's https connection from the internet. The proxy is then making a call to the VIP Like I stated, I haven't really seen any issues. When I was testing the other night, I was trying to break it. IE having multiple browser sessions open, deleting temp files open new ones etc. I think it's ok from what I'm seeing. It's been live for 2 weeks now and our helpdesk hasn't seen any calls other than the standard "how to" type stuff.





  • I posted this a while back but am seeing some random issues again with browsers. It could very well be the Server admins have made some changes, but want to make sure that i'm not missing anything and my side is rock solid. I'm by no means a web expert and have more experience with Networking in general. I have 2 CAS servers being load balanced by a pair of LTMS. I followed the deployment guide when setting up the LTMS for OWA and active synch. The only difference is, i'm not doing SSL offloading. Our security team wants it encrypted all the way to the server, so I'm using a SSL client and SSL server profile with a certificate. I'm also using a Default Wan Optimized, Default Lan Optimized profile. The only difference here is the deployment guide states to disable nagle's algorithm.. which I did. With that said , I'm also using a default HTTP optimized compression default profile, with the included list of compression found in the deployment guide. This list consists of doc, xls, visio etc. Finally i'm using a default one connect profile and cookie session persistence. I think i've set it up to the best of my ability.. This is one armed and I'm using snat automap. It's pretty basic and not complicated which is how we like to keep things :-)



    What happens is, sometimes I will be logged into the owa screen, click on new message, and it clicks me back to the login screen. This happens like maybe once every 25 times or so. No consistent so I wouldn't think it's the F5 causing this. Could this be an issue with that backend server? My thought is... if the CAS server lost it's connection to the mailbox server, it could kick me out back to the login screen. Also, when I delete an e-mail, I get a message that states "invalid response from server". That appears to be consistent though. Once I refresh my browser my inbox comes back.




    I know it's probably hard to tell without looking at my configuration, just wondering if i'm missing anything? I could also open a support ticket. This is in the early stages of being piloted, but I want to make sure my F5 side is solid.



    Any thoughts are appreciated.











  • Hi Jayson,



    I was wondering if you were able to fix this as I'm having exactly the same issue here.



    Best Regards,



    • Milan_61890's avatar
      Icon for Nimbostratus rankNimbostratus
      Hi everyone, I'm having the same issue (back to login screen randomly). Any progress on this? Best regards, Milan