Juanma_47808
Mar 30, 2008

SSL session never ends

 

Hello,

 

 

I am trying to configure an HTTPS virtual server to load balance four web servers.

 

When a client ends his SSL session and tries to connect again, he occasionally receives an old page from his supposedly ended older SSL session. When a client clicks on any link of that old page, he is redirected to the main page again, but if he refreshes his session continuously (F5 key, F5 key ....) he can see the next web page as a result of his previously clicked link, without any authentication!!

 

 

 

Since the main page begins with a redirection, I have tried an iRule that I found in the forum:

 

 

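    when HTTP_RESPONSE {
        # Act only on redirects coming back from the web servers
        if {[HTTP::status] == 302} {
            HTTP::header replace "Location" "https://myweb.domain.com:8081"
            # Drop the client-side SSL session so it cannot be resumed
            clientside {SSL::session invalidate}
        }
    }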

 

 

but the problem continues.

 

 

 

I would note three issues:

 

 

- I had another problem previously. A user could enter the session of another logged-in user, and I solved this by disabling "unclean shutdown" and enabling "strict resume" in the client and server SSL profiles.

 

 

- I don't use any persistence in the virtual server.

 

 

- I have not got the CACHE module in my BIG-IP.

 

 

 

Could it be a persistence problem?

 

How can I force older SSL sessions to end?

 

 

 

Could you help me, please?

 

 

Thanks a lot in advance.

 

 

 

Juanma

 

 

 

6 Replies

  • As you said, you do not use any persistence. Are you using a OneConnect profile? Also, does the webpage on the backend have code that does not allow the browser to cache the information?

     

     

  •  

    Hello cmbhatt,

     

     

    I have disabled "one connect" and I have added "ssl persistence". Now it works! I have been trying login/logout several times and for the moment it starts a new session each time.

     

     

    Thanks a lot for your help.

     

     

    Best regards

     

     

    Juanma
  • Hi,

     

     

    If you want to maintain some CPU savings on your server you may use the OneConnect profile, but you should specify a mask of 255.255.255.255. This way one client won't be able to use the TCP connection of another client (if you don't have clients coming through a proxy...)

     

     

    One comment about SSL persistence. By default, Internet Explorer 6 will renegotiate the client's SSL session ID every 2 minutes, which means the client will be load balanced again and may have to authenticate himself again...

     

     

    HTH

     

     

  • I know this statement is true for IE5 and IE6, but I haven't been able to find information about IE7 for now.

     

     

    I'll try to do some testing this week and keep you posted.
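
The OneConnect source mask advice in the thread, shown as an added example that is not from any poster or from F5: a simplified Python model in which an idle server-side connection may be reused by any client whose source IP, ANDed with the mask, matches. The function names, user names and addresses are constructed for illustration.

```python
import ipaddress

def reuse_key(source_ip, source_mask):
    """Clients with the same masked source address may share idle connections."""
    ip = int(ipaddress.IPv4Address(source_ip))
    mask = int(ipaddress.IPv4Address(source_mask))
    return ip & mask

def cross_user_reuse(source_mask, requests):
    """Replay (user, source_ip) requests one at a time and return every
    (user, connection_id, opener) where a user was handed a server-side
    connection that a different user had opened."""
    idle = {}    # reuse key -> idle server-side connection ids
    opener = {}  # connection id -> user who opened it
    shared = []
    for user, source_ip in requests:
        key = reuse_key(source_ip, source_mask)
        if idle.get(key):
            conn = idle[key].pop()
            if opener[conn] != user:
                shared.append((user, conn, opener[conn]))
        else:
            conn = len(opener) + 1
            opener[conn] = user
        # Request finished: the connection goes back to the idle pool.
        idle.setdefault(key, []).append(conn)
    return shared

# Constructed sample traffic (documentation address ranges).
DIRECT = [("alice", "198.51.100.10"), ("bob", "203.0.113.7"),
          ("alice", "198.51.100.10")]
PROXIED = [("alice", "192.0.2.50"), ("bob", "192.0.2.50")]  # same proxy IP

if __name__ == "__main__":
    for mask in ("0.0.0.0", "255.255.255.255"):
        print(mask, "direct :", cross_user_reuse(mask, DIRECT))
        print(mask, "proxied:", cross_user_reuse(mask, PROXIED))
```

With a mask of 255.255.255.255 the direct clients never share a connection, while the two users behind one proxy address still do, which is the caveat given in the reply.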