Access policy evaluation is already in progress for your current session.

Question

I have an access policy to provide single sign-on amongst a set of Windows (NTLM) authenticated web sites. I have set up a 'Logout URI Include' in the 'Configurations' of the Access Profile. For the most part logging in and out works quite well.&nbsp;
&nbsp;Occasionally however logging out throws up some problems. The following events usually do it:&nbsp;
&nbsp;- URI it takes longer than the timeout value to display the page, then browse to another page.
&nbsp;- Stay on the logout page for a long time then try and visit the site again.
&nbsp;- During the logout timeout period start hitting other pages on the site.&nbsp;
&nbsp;The following message is displayed by the APM. It's not terribly friendly, but clicking on the link will let you log in again but will create unnecessary APM sessions:&nbsp;
&nbsp;Access policy evaluation is already in progress for your current session.
&nbsp;You may see this message, if you are using a different browser tab than the one where you started the access policy initially. Please continue to finish your access policy in the previous browser tab, and close this current window immediately.&nbsp;
&nbsp;If you have reached to this message due to some other error, click here for creating a new session.&nbsp;
&nbsp;Has anyone got any suggestion on why this is happening, where I can find more info on problems with APM sessions and logging out or how to avoid this problem.&nbsp;
&nbsp;Regards,
&nbsp;Darryl&nbsp;&nbsp;

kevin_stewart · Answer

The already in progress error page, for the most part, is triggered when you attempt to access a non-APM URI:
During the access policy evaluation, andWith a URI that doesn't match the original URI - stored in the session.server.landinguri session variable.
Not sure if this will help you, but the following should ensure that a non-APM/non-original URI does not trigger the in progress error:
when HTTP_REQUEST {
    if { ( [HTTP::cookie exists MRHSession] ) and not ( [ACCESS::session exists -state_allow [HTTP::cookie value MRHSession]] ) } {
        if { ( [HTTP::uri] ne [ACCESS::session data get session.server.landinguri] ) and not ( [ACCESS::session data get session.server.landinguri] eq "" ) } {
            HTTP::redirect [ACCESS::session data get session.server.landinguri]
        }       
    }
}

The idea is this. If an HTTP request comes in that:
Has the MRHSession cookieHas an access policy that is not completed, andThe request URI does not match the landinguri variable
redirect back to the landinguri URI.

tll_91858 · Answer

Darryl,&nbsp;
 &nbsp;
Did you ever get this figured out?  I've got the same message showing up after implementing my APM policy for SSO.&nbsp;
 &nbsp;
Tom&nbsp;

mandrake · Answer

Any luck with this error message ? i get it when i hit the root path and then try to change uri without log in. I ideally expect it to get back to login screen

asim_sharfuddin · Answer

I have the same problem, did you guys got the solution?&nbsp;

Forum Discussion

Access policy evaluation is already in progress for your current session.

4 Replies

Recent Discussions

F5Access | MacOS Sonoma

enable tls1.2 on management interface on F5 ltm running version 10.x

[ASM] - what is "Browser Challenge file" ?

SMS server with BIGIP

F5 terminal - help to run commands - disk space full

Related Content

Custom APM Logon page Access policy evaluation is already in progress for your current session

iRule operator evaluation order OR/AND

Intermediate iRules: Evaluating Performance

Enforcing individual APM Policy "In Progress Sessions Limits"

The client's IP address changed while the session was in progress.