APM: Why can't get the session.user.sessionid in the ACCESS_ACL_ALLOWED?

Hi,

Maybe you can just get the session id from the LastMRH_Session header ?

You can get this information by changing your irule to something similar :

when ACCESS_POLICY_COMPLETED {
    set hsl [HSL::open -proto UDP -pool pool_172.16.0.21_syslog] 
    set mysession "session_id=[ACCESS::session data get session.user.sessionid]"
    set timestamp [clock format [clock seconds] -format "%d/%h/%Y:%T %Z" -gmt 1 ] 
    log local0. "access policy completed get session id" 
}
when ACCESS_ACL_ALLOWED {
    set mysession "session_id=[HTTP::header "LastMRH_Session"]"
    HSL::send $hsl "<190> $timestamp $mysession \n" 
    log local0. "access policy acl allowed" 
}

Hi,

Maybe you can just get the session id from the LastMRH_Session header ?

You can get this information by changing your irule to something similar :

when ACCESS_POLICY_COMPLETED {
    set hsl [HSL::open -proto UDP -pool pool_172.16.0.21_syslog] 
    set mysession "session_id=[ACCESS::session data get session.user.sessionid]"
    set timestamp [clock format [clock seconds] -format "%d/%h/%Y:%T %Z" -gmt 1 ] 
    log local0. "access policy completed get session id" 
}
when ACCESS_ACL_ALLOWED {
    set mysession "session_id=[HTTP::header "LastMRH_Session"]"
    HSL::send $hsl "<190> $timestamp $mysession \n" 
    log local0. "access policy acl allowed" 
}

What is the error message that you get exactly?

Also, you should not use mysession across events like this because these variables have a per TCP flow context. If, for some reason (HTTP), the TCP connection gets recreated, mysession will no longer be in-scope because ACCESS_POLICY_COMPLETED will not fire for an existing session and ACCESS_ACL_ALLOWED will fail with a TCL runtime error because mysession is no longer present. Since this value is cached anyway, just re-run [ACCESS::session data get session.user.sessionid] in each event.