Stanislas_Piron
May 18, 2016

LTM+APM session expired detection

Hi,

 

When deploying APM in SSL VPN mode, a JavaScript is inserted into webtop and resource responses to poll /vdesk/timeoutagent-i.php, detect session timeout and redirect to the logout URI /vdesk/hangup.php3?hangup_error=1

 

When deploying in LTM+APM mode, the user is not redirected to the logout URI, and this may cause strange behavior when the user tries to request the server again:

 

In Outlook Web App and Sharepoint, the application seems unresponsive and the message "Access policy evaluation is already in progress" appears when trying to refresh the page.

 

I was trying to insert JavaScript code in HTTP_RESPONSE to create the same behavior as SSL VPN mode, unsuccessfully.

 

    when HTTP_REQUEST {
        # Disable the stream filter for all requests
        STREAM::disable

        # LTM does not uncompress response content, so if the server has compression enabled
        # and it cannot be disabled on the server, we can prevent the server from
        # sending a compressed response by removing the compression offerings from the client
        HTTP::header remove "Accept-Encoding"
    }
    when HTTP_RESPONSE {
        if {([HTTP::header Content-Type] starts_with "text/")} {
            STREAM::expression "@@@"
            STREAM::enable
        }
    }
    when STREAM_MATCHED {
        # Once we've hit one match, disable the stream filter for the rest of the response
        log local0. "APM Timeout javascript : script inserted"
        STREAM::disable
    }

Is there another solution? Has anyone tried to do the same successfully?

 

3 Replies

  • Hello Stanislas,

     

    I think I understand your problem/unexpected behaviour. First, what you do with OWA or Sharepoint is Web Access Management and not VPNSSL (can you confirm?). Because VPNSSL (Webtop) manages the timeout correctly for all your resources.

     

    You have to know one thing when you obtain the error that you mentioned: "Access policy evaluation is already in progress"

     

    It means that an access process is already underway. For example, if you try to access a service protected by the APM module (access policy) at the following URL: https://app.domain.com/app

     

    And you don't finalize the access policy. Then, for example, you open a new tab and enter another URI: https://app.domain.com/app2

     

    You will obtain the following error message: "Access policy evaluation is already in progress", because you try to access an application with another landing URI without having finished the previous attempt.

     

    So what you obtain for OWA and Sharepoint is normal in my opinion (I already had the case). I'll explain what's going on:

     

    • Your user is connected correctly to Sharepoint through F5 (with access policy).

       

    • The session timeout is reached, and this APM session is finished.

       

    • The problem is that the user is not aware of this because the timeout is reached.

       

    • So the user will want to continue to use the application (Sharepoint) normally, but when he clicks on a link in his browser, in the background he is redirected to: https://app.domain.com/my.policy (if you do a capture you can see it)

       

    Today several applications are developed with Bootstrap, AngularJS, AJAX, JSON... (not html/txt) and the redirection can't operate for the entire page... and we get this kind of problem.

     

    I hope I was clear enough. If you have questions, don't hesitate; it's very important that you understand this behaviour...

     

    For this kind of problem I developed an iRule that manages sessions. If you are interested, keep me updated.

     

    Regards

     

  • Hi,

    To force the browser to detect that the session is closed, I wrote the following iRule:

    when RULE_INIT {
        # Markup to insert into text responses
        set static::jscript {}
    }
    
    when ACCESS_ACL_ALLOWED {
        # Disable the stream filter by default
        if { [catch {STREAM::disable}] } {log local0. "Stream disable error"}
        set insertJscript 0
        # Ask the server for an uncompressed response so the stream filter can rewrite it
        HTTP::header remove "Accept-Encoding"
        set authenticated 1
    }
    
    
    when HTTP_RESPONSE {
        # Only rewrite successful text responses of requests allowed by the access policy
        if {[info exists authenticated] && ([HTTP::status] == 200) && ([HTTP::header value Content-Type] contains "text")} {
            set insertJscript 1
            STREAM::expression "@@$static::jscript@"
            STREAM::enable
        }
        if {[HTTP::header exists "Transfer-Encoding"]} {
            HTTP::payload rechunk
        }
    }
    
    
    when STREAM_MATCHED {
        # Once we've hit one match, disable the stream filter for the rest of the response
        if { $insertJscript} {
            log local0. "Session Closed detection : Javascript inserted"
            STREAM::disable
        }
    }
    

    I imported the following JavaScript file into hosted content (named detect_session_close.js):

    function detectSessionClosed()
    {
        var rq = new XMLHttpRequest();
        rq.open("GET","/vdesk/timeoutagent-i.php",false);
        rq.send(null);
        if (rq.status === 404) {
          window.location.assign("/vdesk/hangup.php3");
        }
    }
    
    setInterval( detectSessionClosed, 30000);
    

    It requests timeoutagent-i.php every 30 seconds (without extending the APM session) and redirects to the logout page if the session is closed.

  • Hello Stanislas_Piro2 ,

    The hosted content is only available for webtop and the webtop is not available in LTM+APM mode as far as I understood.
    So, what would be the best way to inject the JavaScript in LTM+APM mode?
    Thanks for sharing
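
The session-closed poller from the second reply, reworked as a non-blocking version. This is an added example, not code from any poster in the thread. The two /vdesk paths and the "404 means closed" rule come from that reply; the function names, the injected `fetchFn`/`redirectFn` parameters and the handling of non-404 statuses are assumptions made here.

```javascript
// Added example: asynchronous variant of detect_session_close.js.
// Paths and the 404 rule are from the thread; all names below are illustrative.
const TIMEOUT_AGENT = "/vdesk/timeoutagent-i.php";
const LOGOUT_URI = "/vdesk/hangup.php3";

// One probe. Returns "closed", "open" or "unknown". A network error or an
// unexpected status is "unknown", so a transient failure never forces a logout.
async function probeSession(fetchFn) {
  try {
    const res = await fetchFn(TIMEOUT_AGENT, {
      method: "GET",
      credentials: "same-origin", // send the session cookie with the probe
      cache: "no-store",          // never answer from the browser cache
      redirect: "manual",         // a redirect is reported, not followed
    });
    if (res.status === 404) return "closed"; // rule taken from the thread
    return res.ok ? "open" : "unknown";      // assumption: 2xx means still open
  } catch (err) {
    return "unknown";
  }
}

// Polls every intervalMs (30 s in the thread) and redirects once on "closed".
function startSessionWatch({ fetchFn, redirectFn, intervalMs = 30000 }) {
  let busy = false;
  let timer = null;
  async function tick() {
    if (busy) return "skipped"; // previous probe still in flight
    busy = true;
    try {
      const state = await probeSession(fetchFn);
      if (state === "closed") {
        clearInterval(timer);   // stop polling before leaving the page
        redirectFn(LOGOUT_URI);
      }
      return state;
    } finally {
      busy = false;
    }
  }
  timer = setInterval(tick, intervalMs);
  return { tick, stop: () => clearInterval(timer) };
}

// Browser wiring; skipped when the file is run outside a browser.
if (typeof window !== "undefined") {
  startSessionWatch({ fetchFn: (u, o) => window.fetch(u, o), redirectFn: (u) => window.location.assign(u) });
}
```

Unlike the synchronous XMLHttpRequest in the reply, this does not block the page while the probe is outstanding, and a failed probe leaves the user where they are.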