AndOs
Dec 09, 2012Cirrostratus
Redirect loop on APM logon page
Hi!
I'm getting a strange behavior with the default APM logon pages after making a configuration for exchange 2010 with the latest iApp (2012-06-08).
The thing I'm seeing is that users that does not complete the logon process get a redirect-loop on the APM logon page after their session has timed out.
I made a packet capture of this and I suspect that when the message "session expired/timeout" is displayed the small image, next to the link, actually refreshes the session.
Example scenario:
User connects to mail.company.com to logon to OWA.
APM creates a session. (visible under Access Policy / Manage Sessions)
Session start time is 12:00:00, expiration is 12:05:00
The user doesn't logon, and after 5 min the "session expired/timeout" message appears with a link to start a new session.
Looking in Access Policy / Manage Sessions the session expiration is now 12:10:00
User clicks the link and the browser hangs (Chrome displays a warning that a redirect loop has occurred).
Example of the loop:
Client:
GET /owa/ HTTP/1.1\r\n
Referer: https://mail.company.com/my.policy\r\n
Accept-Language: sv\r\n
Accept-Encoding: gzip, deflate\r\n
Host: mail.company.com\r\n
Connection: Keep-Alive\r\n
Cookie: LastMRH_Session=8349644d; MRHSession=13626a47c33834faf76e4c078349644d; TIN=0\r\n
Big-ip:
HTTP/1.0 302 Found\r\n
Server: BIG-IP\r\n
Connection: Close\r\n
Content-Length: 0\r\n
Location: /owa/\r\n
Set-Cookie: LastMRH_Session=8349644d;path=/;secure\r\n
Set-Cookie: MRHSession=13626a47c33834faf76e4c078349644d;path=/;secure\r\n
\r\n
Just to test, I changed the session timeout message and removed the image, and the redirect loop went away!
Has anyone else seen this?
We're running 11.2.1
Is this a bug, or have we made some mistake in our configuration?
Haven't tested with a plain vanilla access policy without using the exchange iApp.
We can live with not having image present, but the behavior is a bit weird :)
Best regards
Andreas