Sticky session for cookiless clients

Question

Hello,&nbsp;
&nbsp;I am in study phase of a project where I would like to ensure session persistence between cookieless web clients and application server instances (Tomcat or Weblogic).&nbsp;
&nbsp;Between the web clients and the application servers instances hosting my webapps I consider using an F5 Load Balancer (hence posting this topic here, apologies if this is not the correct forum).&nbsp;
&nbsp;Hence the session needs to be persisted somehow. I would like to avoid handling this at server side by doing some URL rewriting.&nbsp;
&nbsp;1) Can this be done using a specific F5 equipement / setting, which equipement and how ?&nbsp;
&nbsp;2) Can I ensure session persistence based on HTTP header sent by the client (cookiless). Will F5 equipement store in a table the header value and the session id to find out the application server instance at the next query ?&nbsp;
&nbsp;Many Thanks for your answers.&nbsp;
&nbsp;P.&nbsp;

hooleylist · Answer

Hi, 
&nbsp;  
&nbsp; So the clients don't support cookies but can be configured to send a custom HTTP header with a session ID?  What kind of client is this? 
&nbsp;  
&nbsp; In concept, TMM can persist on any request header or payload token.  Headers are easier as TMM wouldn't need to buffer the request payloads.  But it should be fairly simple to parse the HTTP header value and persist on it using 'persist uie': 
&nbsp;  
&nbsp; http://devcentral.f5.com/wiki/default.aspx/iRules/persist 
&nbsp;  
&nbsp; TMM will store the token value and corresponding pool member IP:port.  On each request where the client presents that token, they will be persisted to the same pool member. 
&nbsp;  
&nbsp; Aaron

paloum_73628 · Answer

Hello,

Thanks for your prompt reply I will have a look at TMM.

"So the clients don't support cookies but can be configured to send a custom HTTP header with a session ID? What kind of client is this? "
=&gt; It is Flex based clients or 3rd part clients using SOAP and for which we have no garanties that they accept cookies.
=&gt; no the session id is not on the HTTP header but provided by the application server instance at each session issued by the client.

My real concern here is to ensure not only server persistence (same session goes to the same application server instance) but session persistence (a session S1 going to application server instance ASI1 based will go at the next round trip to the same application server ASI1 AND most importantly with the same session id so the session persistence is maintained. Otherwise we loose the session).

BR&nbsp;
&nbsp;Note : here by session we mean Http session.&nbsp;

paloum_73628 · Answer

Moreover can you point me some links to find documentation related to TMM product ? Thanks in advance. P.

michael_yates · Answer

The TMM (Traffic Management Microkernel) is a process that runs on the BIG-IP. 
&nbsp;  
&nbsp; You can review SOL3242 (http://support.f5.com/kb/en-us/solutions/public/3000/200/sol3242.html) for an overview if you want specific information on it, but Hoolio is describing some of the functionality that it can provide you with your persistence issue.

Forum Discussion

Sticky session for cookiless clients

4 Replies

Recent Discussions

Chrome V 124+ on MacOS - Virtual Server Access Issue

F5Access | MacOS Sonoma

Transaction looks successful but file not downloading

Overwriting or adding LTM SSL Traffic cert and key using iControlREST

F5 Access Guard Deprecated: ZTA APM

Related Content

Agility sessions announced

iRule based RADIUS Client Stack

source address persistence maximum session timeout

HTTP Session Limit

Upgrade APM edge client