Forum Discussion

Modena_'s avatar
Modena_
Icon for Nimbostratus rankNimbostratus
Nov 08, 2017

APM - check for a session from within another session

Hi,

 

I have a scenario where after a user is authenticated by APM and has an active session, subsequently an out of band request will come in which is from a browser plugin but in practice its effectively a new browser session. This out of band request will have a cookie set by the application with the same name/value as a cookie that is also in the main session. I need APM to read the cookie from the out of band request, and check that such a session variable exists in an already authenticated session, and hence allow the out of band request through.

 

I can do the first part of this, which is grab the application cookie from the APM authenticated session and store it in an APM session variable - but how, when the out of band request comes in, can I iterate through active APM sessions looking for an authenticated active session which has the application cookie?

 

Is there a way for an access policy to read sessions variables from other sessions ?

 

Ben

 

PS: I guess that was a long winded way of asking for a way to allow requests that come in from pre-authenticated sources, in my case identified by a cookie which exists in both authenticated and unauthenticated requests, aka the unauthenticated request does not have the APM session ID cookie in it.

 

1 Reply

  • Instead of setting an APM session variable, I think the table function is more suitable. Assuming the cookie that is set by the application is unique, you could put that in the table together with the sessionid. When the outband connection comes in, you could simply lookup the unique cookie in the table and link it to the related authenticated session. For more info on the table function see: https://devcentral.f5.com/articles/the101-irules-101-datagroups-amp-tables