Forum Discussion

George_32239's avatar
George_32239
Icon for Nimbostratus rankNimbostratus
Oct 21, 2010

Session Cookies - Help !

Hi,

 

 

Apologies for banging on about cookie persistency. Got an odd one.

 

 

We have 2 web servers behind an LTM1500. Cookie persistency is enabled with source address as a backup method. Got a call saying most connection were going to one of the two servers about a 10:1 ration.

 

 

Jumped onto a desktop and accessed the site using IE. Had a look and no cookie came down to the desktop. Went to a https webmail site and did get a cookie.

 

 

Tried the same from my laptop and in IE got the same results, however if I used firefox I could see and use a perl script to decode the cookie all looked well.

 

 

The users are behind a proxy server, don't know if there is anything blocking this particular cookie coming down it is set with the default name.

 

 

Why would I get cookies from say a webmail site and linked in but not from this particular site that we host. Does it sound like a group policy thing or an IE thing that is stopping it ? (in IE i can just look at the folder and see no cookie)

 

 

I have checked and double checked the persistency set up

 

 

Any ideas as to where I should start to look next ?

 

 

Thanks All,

 

 

G

 

5 Replies

  • Hi George,

     

     

    I expect LTM is setting the cookie in both cases regardless of which browser the client is using. If you wanted to confirm this, you could either test from an IE client directly connected to LTM, capture a tcpdump or use an iRule to log the HTTP cookies in responses LTM sends. Assuming you verify this, you could step back though the network towards the clients that aren't seeing the cookie to figure out what is common to them.

     

     

    Aaron
  • Hi Aaron,

     

     

    Thanks for that. I've read through a few posts, seems to be a popular topic. I have asked for Firefox to be installed. I don't have access to the desktops just the LTM and it looks OK to me. I will post up the results when they come in. Network is 35k users plus so the processes to troubleshoot are quite a pain.

     

     

    Cheers,

     

     

    George
  • George: from the description of the behavior I'd guess that there's a proxy upstream of the BigIP. Have a look at this solution if this is the case: http://support.f5.com/kb/en-us/solutions/public/7000/900/sol7964.html?sr=11057641

     

     

    The basic idea is that you enable a oneconnect profile (use a /32 mask: 255.255.255.255), which will enforce a detach and a layer 7 evaluation for every request. Then your cookie persistence will start working again. This may not be the issue, but it sure sounds like it. I've run into this several times and oneconnect usually fixes it outright.

     

     

    Good luck!

     

    -Matt
  • Hi,

     

     

    Thanks for the reply. OK after a little more troubleshooting this is what I found.

     

     

    1) IE7 is poo !, well at least viewing cookies in it is poo !

     

    2) created a link with javascript - javascript:alert(document.cookie)

     

    3) logged on to application clicked newly created link and saw the cookie.

     

    4) logged out of the application, waited 10 mins

     

    5) logged back in, hey presto I am on the other app server

     

    6) repeat loads of times, each time I am on different app server, cookie shows me connected to different app server

     

    7) asked server bods to confirm me as logged on to seperate servers at particular times. They indeed confirm I am

     

     

    So, in conclusion, I make the assumption that, the load balancing and persistency is working.

     

     

    And that at the customer site, there is an issue with accepting cookies, so it falls back to source address

     

     

    I have written them a test script and ask them to perform same tests and see what they get, but they have not managed it yet.

     

     

    Thanks,

     

     

    George

     

     

    PS: Yes, I was behind a proxy (ISA) standard user rules (at least for our site) when tests run

     

     

    Make sense or am I talking rubbish !