Forum Discussion

ebabiano's avatar
ebabiano
Icon for Nimbostratus rankNimbostratus
Jul 03, 2013

HTTP redirect when IDLE gets a certain value

Hi everyone,

 

I am trying to send a HTTP redirect when IDLE value gets a certain value

 

[administrator@lmbalance1:Active] ~ b conn client show all | grep IDLE

 

PROTOCOL tcp UNIT 1 IDLE >>>>>>1<<<<<<< (1800) LASTHOP 00:09:0f:09:0c:06

 

[administrator@lmbalance1:Active] ~

 

I know the IP::idle_timeout command, but this command "returns" or "set" the IDLE TIMEOUT, (1800 en my output), but how can we take in consideration the idle timer and take and action when this timer gets a certain value?

 

Do you know if it is possible?

 

Thanks and regards

 

7 Replies

  • Do you know if it is possible?i do not think it is possible (i.e. sending http redirect when connection is idle for specific time).

     

     

    by the way, what is the problem indeed?
  • Hi nitass, thanks for your reply

     

     

    Web developer want redirect users to a page which inform him that session timeout has been reached, but I am not sure in several aspects:

     

     

    - HTTP redirect can be send to a user without a HTTP GET interaction first?

     

    - And then, the IDLE timer can be taken in consideration for an iRule?

     

     

    Next monday I will talk again with them, because I think this can be get modifying code in web pages

     

     

    Anyway, if someone have an idea for that goal, it will be extremely welcome!

     

     

    Regards
  • Web developer want redirect users to a page which inform him that session timeout has been reachedcan we send cookie with expiration time from bigip and check it in subsequence request? if no cookie is presented, send user redirection.
  • I dont think so, nitass

     

     

    The expiration time of a cookie is an absolute time

     

    Idle timer is a relative time, because for each a new request arrive, it is reset to zero and starts to grow

     

     

    Moreover, almost all HTTP request are open/close in a few seconds. Only if there is a business logic working in backend, the HTTP response could be delayed. And in that case, the final user would be expecting for a response, no making a new request with or without cookie, so I think the only valid parameter is IDLE timer

     

     

    When I have more information by developer team, I will post it here

     

     

    Many thanks for your suggestions
  • what about "send response from BigIP if server does not respond within a specified amount of time" example in after wiki below?

     

     

    after

     

    https://devcentral.f5.com/wiki/irules.after.ashx
  • There are a few ways to implement an idle timeout, and each depends on some specific characteristics of the application. Ultimately though, unless you're designing an elaborate PUSH mechanism (ie. Comet), some action must be performed by the client (PULL/REQUEST) for the server to respond with some action. Here are a few ideas.

     

     

    1. Cookie - you can absolutely set quasi-relative expiration values in cookies. Access Policy Manager (APM) does this natively. You just need to rewrite the expiration value of the cookie on each HTTP response, which can be done in an iRule. The idea here would be that the user session would expire by virtue of the cookie missing after some length of idle time.

     

     

    2. Session table - using some unique identifier (probably a cookie), you can set a session table entry that marks the last request made by a user. If the next request comes in after a specified timeout, you can take some action. The cookie/identifier itself must just be a unique value (ie. GUID) that can be used to identify a specific user session. The session table is updated on each request.

     

     

    3. JavaScript in the browser - this is actually quite common. A small piece of JavaScript is inserted into each payload response that starts a timer on page load. At the end of the timer a message box can appear notifying the user of impending session expiration. The previous two ideas require some explicit action to be taken by the user - clicking a link after the session expired to see a result. To send a redirect with the previous methods, the user would have to actively do something in the browser first. Combining this method with either of the previous two (removing a cookie or deleting a session table entry), the user experience wouldn't necessarily need an explicit user action. To send a redirect with this method, the JavaScript code could either issue a redirect directly, or induce a non-interactive GET request causing the iRule (upon expired session) to issue a redirect.

     

     

    In any case, you wouldn't use the IP::idle_timeout command, but rather some arbitrary expiration value and active "markers" placed either in a cookie, session table, JavaScript code, or a combination of each.

     

  • Hi everyone,

     

     

    @nitass, thanks for the possibility of "after"

     

     

    @Kevin, your information is very useful, i will take in consideration in a future. At the moment, after talk with developer team, they will do it modifying code, so no changes are required in load balancer

     

     

    Thanks again for your help, was very valuable

     

     

    Regards