Forum Discussion

rezgui_180607's avatar
rezgui_180607
Icon for Nimbostratus rankNimbostratus
Dec 25, 2014

probleme in the session ID

the session ID doesn't apperied when i try to acced to .jar file

this the my logs 

Fri Dec 12512:32:39 GMT 2014 alert local/tmm1tmm1[5083] Rule irl-pub_S1F2 :

Access Allowed by public F5: normal request (Client IP: xxx.xxx.xxx.xxx) - HTTP Method: GET - HTTP HOST: xxx.1xx.1xx.xxx - HTTP URI: /Report.jar - HTTP Path: ReportViewer.jar - HTTP Query: - Client ID: xx.xxx.xxx.xxx: - Session table value:

correct logs for other link by the same irule but not for a jar file

Client ID: xxx.xxx.xxx.xxx:1FCF734F74BDCC11E3531DB181C52BBB - Session table value: CJX5cpRTUapNenCk+a9ibA==

this the bloc of my irule

if { $static::iRule_secWeb_verbosity == "3" } {
            set client_ip [IP::client_addr]
            set pretups_cookie [HTTP::cookie "JSESSIONID"]
            set client_id "${client_ip}:${pretups_cookie}"
            set lookupval [ table lookup -subtable "TABLE_AUTHENTICATED_HOSTS" $client_id ]
            set cook [HTTP::cookie "namecookie"]
            log local0.alert "User authentication success (Client IP: ${client_ip}) - Client ID: ${client_id} - Session table value: ${lookupval}"
        }

thanks in Advance

application delivery
devops
iRules

4 Replies

Sort By
  • nitass's avatar
    nitass
    Icon for Employee rankEmployee
    Dec 25, 2014
    Fri Dec 12512:32:39 GMT 2014 alert local/tmm1tmm1[5083] Rule irl-pub_S1F2 : Access Allowed by public F5: normal request (Client IP: xxx.xxx.xxx.xxx) - HTTP Method: GET - HTTP HOST: xxx.1xx.1xx.xxx - HTTP URI: /Report.jar - HTTP Path: ReportViewer.jar - HTTP Query: - Client ID: xx.xxx.xxx.xxx: - Session table value:

    is JSESSIONID cookie missing?

  • rezgui_180607's avatar
    rezgui_180607
    Icon for Nimbostratus rankNimbostratus
    Dec 25, 2014

    the problem is there i dont have a JSESSIONID when i try to acced to a jar file but the irule work fine when i acced to other link we have a JSESSIONID

     

    how can i resolve this?

     

    which test need to add it to have a JSESSIONID when i acced to a jar file

     

  • nitass's avatar
    nitass
    Icon for Employee rankEmployee
    Dec 25, 2014

    which test need to add it to have a JSESSIONID when i acced to a jar file

     

    is this relevant? if you cannot change application side, you may try to remove httponly using irule.

     

    JSESSIONID not sent by IE8 when requesting Java Applet

     

    https://community.oracle.com/message/3747820