Rab_101866
Mar 04, 2010Nimbostratus
Session reuse issue
Hi,
we have a Virtual server load balancing two apache servers that proxy requests back into a VS on the same big ip box. The request is then routed to a pool of Websphere servers. (Why we do this is because the apache servers will eventually have Oracle Access manager policies applied to the traffic, And we are fronting all our existing infrastructure with these boxes.)
The problem is when we send HTTPS traffic through we are seeing strange behaviour, it looks like an SSL session is being reused and users are getting other peoples data back.
Going through the infrastructure without the bigip/apache works.
Going through the second VS bypassing apache works.
Going through the apache server and the VS does not work correctly.
Each hop through the big ip box decrypts and then re-encrypts the request.
I think it must be something to do with the session id being reused by multiple requests but I can not prove this and I do not know how see where the problem is, is it with the apache server or the big ip box or a combination of the two.
Any thoughts would be welcome.
Rab.