Cookies persistency

Question

I am using cookies to maintain the persistency for user to the web servers.  The cookies was created by the web server. Below is the irule for the cookies persistency.&nbsp;&nbsp;
&nbsp;when HTTP_RESPONSE {
&nbsp;  if { [HTTP::cookie exists "servercookie"] } {
&nbsp;    persist add uie [HTTP::cookie "servercookie"] 
&nbsp;  }
&nbsp;}
&nbsp;when HTTP_REQUEST {
&nbsp;  if { [HTTP::cookie exists "servercookie"] } {
&nbsp;    persist uie [HTTP::cookie "servercookie"] 
&nbsp;  }
&nbsp;}&nbsp;
&nbsp;The problem that I encounter here is the user will be not directed to other web servers if the current web server that he connected is down because the persistency for that current server is still there. I have 4 web servers and the load balancing method is using Round Robin. &nbsp;
&nbsp;Can i modify irule to redicrect the traffic to other web servers? Give show me example?&nbsp;&nbsp;&nbsp;&nbsp;

colin_walker_12 · Answer

If you're manually forcing the user to a particular server based on the cookie, you might want to add an LB_FAILED event in the iRule to remove persistence if you're ever not able to connect to the back-end server. Simply putting a persist none inside an LB_FAILED might get you there. 
&nbsp;  
&nbsp; Colin

thunderbird_920 · Answer

By referring to the link http://support.f5.com/kb/en-us/solutions/public/10000/200/sol10281.html, i edit the IRules to somethings as shown below. Is it correct? 
&nbsp;  
&nbsp;  
&nbsp; when LB_FAILED {       
&nbsp;      persist none      
&nbsp;      LB::reselect pool webpool_80       
&nbsp;    }  
&nbsp;  
&nbsp;  when HTTP_RESPONSE { 
&nbsp;       HTTP::cookie remove pool webpool_80 l 
&nbsp;    } 
&nbsp;  &nbsp;

hooleylist · Answer

That looks like a good start.  Is there a reason that you're not using cookie insert persistence instead though?  With cookie insert persistence LTM will manage this for you automatically without depending on an app-set cookie.  Also, with any HTTP property based persistence, you'll want to enable a OneConnect profile on the virtual server.  If you're using SNAT on the serverside connections you can use the default OneConnect profile with a /0 source mask.  If you're not using serverside source address translation, you can create a custom OneConnect profile with a /32 source mask.  See this article for details: 
&nbsp;  
&nbsp; http://devcentral.f5.com/wiki/default.aspx/AdvDesignConfig/oneconnect 
&nbsp;  
&nbsp; Aaron

thunderbird_920 · Answer

User is not directly connect to the virtual server of the web servers. In between, there are other another F5 and others servers involved. Therefore, it have to depend on the cookies issued by servers. Thank you for your help.

Forum Discussion

Cookies persistency

4 Replies

Recent Discussions

Chrome V 124+ on MacOS - Virtual Server Access Issue

F5Access | MacOS Sonoma

Transaction looks successful but file not downloading

Overwriting or adding LTM SSL Traffic cert and key using iControlREST

F5 Access Guard Deprecated: ZTA APM

Related Content

Decoding the IPv4 address from the persistence cookie

How OneConnect Profile works with Cookie Persistence

Persistence Cookie Logging

Set the SameSite Attribute for LTM Persistence Cookies

Persistence Cookie Logger