irule to persist after user logs in

Question

is creating an irule the correct approach to persist on a server only after a website user has successfully logged in? Currently the VS is set to persist using the src_addr profile. I'm assuming this needs to be changed to universal persistence using an irule. I'm not sure what the steps would be. Any assistance would be greatly appreciated.

michael_jenkins · Answer

If you can verify the login by way of cookie or some other method, then you can use the persist uie command. SOL7392 describes how to do this through an iRule. 
I'm not sure if you need to disable the other persistence profiles or not, but I'd assume it'd be better to do that so there's not issues.

stephanmanthey · Answer

Hi,&nbsp;
the following iRule works the same way as the sample code on DC regarding WebLogic JSESSIONID persistence:  &nbsp;
when HTTP_REQUEST {
    if { [HTTP::cookie exists "JSESSIONID"] } {
        log local0. "Client [IP::client_addr] sent cookie [HTTP::cookie "JSESSIONID"]"
        persist uie [HTTP::cookie "JSESSIONID"]
         log local0. "uie persist [HTTP::cookie "JSESSIONID"]"
    } else {
         log local0. "no JSESSIONID cookie found"
    }
}
when HTTP_RESPONSE {
    if { [HTTP::cookie exists "JSESSIONID"] } {
         log local0. "uie persist [HTTP::cookie "JSESSIONID"] from [IP::remote_addr]"
        persist add uie [HTTP::cookie "JSESSIONID"] 1800
    }
}
when LB_SELECTED {
     log local0. "Poolmember [LB::server] selected" 
}

For testing just monitor the persistence table from CLI:   &nbsp;
watch -n 1 tmsh show ltm persist persist-records

You can uncomment the log statements in the iRule to track the log messages in /var/log/ltm:  &nbsp;
tail -f /var/log/ltm

Thanks, Stephan&nbsp;

mgaughan_181608 · Answer

Hi,&nbsp;
I took the JSESSIONID iRule from this page, installed it with the log statement in the iRule, confirmed that I saw the log messages appearing in /var/log/ltm, and the user was happy with it in QA/testing.  We move to production, and the claim is that all of the traffic from one IP address and different JSESSIONIDs are all ending up on one server (of the eight in the pool) and is not being spread around the other servers in the pool.  The user believes that the JSESSIONID is being ignored and only the source IP address is being used for persistence.&nbsp;
I can't argue that we do not see most of the traffic on one IP address, because we do, but I believe that it is one heavy user, and it skews the results.&nbsp;
Leads to me question - How do I prove that a source IP address and different JSESSIONIDs end up landing on different servers in the pool?&nbsp;
Thanks!&nbsp;
Mike.&nbsp;

Forum Discussion

irule to persist after user logs in

3 Replies

Recent Discussions

Open Redirection Mitigation

F5Access | MacOS Sonoma

enable tls1.2 on management interface on F5 ltm running version 10.x

[ASM] - what is "Browser Challenge file" ?

SMS server with BIGIP

Related Content

View persistence table data

Persistence mirroring across datacenters?

APM SSO breaks RDP persistence

Persistence issue with TCP

Universal Persistence with X-forwarder