Forum Discussion

Samir_Jha_52506's avatar
Samir_Jha_52506
Icon for Noctilucent rankNoctilucent
Aug 06, 2015

Kill session after Logout APM

Hi Expert,

I need your help to solve issue. I have configured application through APM with simple access policy(allow & deny). Requirement is once user will logoff from application, their session should be killed. Is there any way to kill user session through iRule. Please advice if below iRule is correct?

                    when HTTP_REQUEST  {
                     log local0. "[HTTP::uri]"
            if { [HTTP::uri] equals "/login" } {
                    after 2000 { ACCESS::session remove }
                    HTTP::redirect "/xyz/logh.aspx"
            }
                    }
application delivery
ASM Advanced WAF
availability
BIG-IP DNS
performance
security
TMSH

4 Replies

Sort By
  • Salim_83682's avatar
    Salim_83682
    Historic F5 Account
    Aug 06, 2015

    Hi,

     

    There is a logout feature within APM in the Access Profile properties. Just define the Logout URI you need (i.e /logout.php /logoff.html ...) and APM will kill the session once its sees these after a short delay (default 5s but customizable) to allow a short time to display subsequent pages after the logout process (i.e /loggedout.php 'Thank you for logging out, please come back' or similar.)

     

    Salim

     

    • Samir_Jha_52506's avatar
      Samir_Jha_52506
      Icon for Noctilucent rankNoctilucent
      Aug 06, 2015
      any idea, where to add logout profile. Start-->Loginpage-- Auth--Sucess--> allow Auth --->fallback--> deny
    • Salim_83682's avatar
      Salim_83682
      Historic F5 Account
      Aug 06, 2015
      This is not within the Visual Policy Editor (VPE) but in the main page of your Access Profile.
  • Amit_Grover_171's avatar
    Amit_Grover_171
    Icon for Nimbostratus rankNimbostratus
    Aug 07, 2015

    Hi,

    Try this 

    when HTTP_REQUEST {
if { [HTTP::uri] equals "/logoff" } {
    ACCESS::session remove
}
}

    /Regards Amit Grover