Beinhard_8950
Sep 20, 2010Nimbostratus
Cookie Insert - non absolute timestamp
Hi,
Little history first of my problem.
At first i have used session expire.
If you do that you can´t use disable on a node (gracefully) because the session expire is just in the UA:s memory and if the client doesn´t shutdown the browser, the cookie will be there.
So in theory a user can reach a disabled node after a long long time and thats not so good( and i don´t want to use offline mode)
So if you have a large website a disabled node will always have connections, never 0 connections.
I thought, i put in a value, like 30 min in the cookie. Everything went fine except for some users.
Our best guess so far is that the users don´t have the pc clock synchronized to a good NTP =).
Becasue the F5 put in an absolute value based on the f5 system clock and if that don´t match the client we will have problems.
I have tested (quick test) and it seems to be that if the client clock and the f5 is way off the cookie isn´t even kept in the UA memory (if you put the client clock ahead ,like +2h).
So the solution to this is what a lot of other system use instead, a non-absolute timestamp. Just a counter that keeps increasing.
Is that possibly?
I don´t want under any circumstance that the client side to deiced over this, I´t would be a big security hole.
So some hints and tricks are welcome or some more gas to the fire =)
Best regards
Beinhard