Forum Discussion

boommen_197293's avatar
boommen_197293
Icon for Nimbostratus rankNimbostratus
May 05, 2016

handling 302 redirect from tomcat node

Hey Everyone,

 

I'm facing an issue where there is a 15 minute idle timeout hardcoded on the backend tomcat server. When this 15 minute idle time is reached, the session should redirect to the same webserver and the user needs to re-authenticate to continue. The problem I'm facing is that when the session is cleaned up on the tomcat server, the f5 connection dies. I need to figure out a way for the f5 to handle the 302 redirect which will allow it to connect back to the webserver for authenication. Also, here's a brief on the scenario:

 

A session hits the VS using 443. B/c of client requirements, the back end connection must happen over 443 also. I have persistence based on cookie, and specifically JSESSIONID. I have used the irule below for jsession:

 

when HTTP_RESPONSE { if { [HTTP::header exists "jsessionid"] } { set jsess_resp [findstr [HTTP::header "jsessionid"] "!" 1 "!"] if { $jsess_resp != "" } { persist add uie $jsess_resp } } }

 

when performing an ssldump, I only see handshake failures on the server side of the connection, and I'm assuming this happens after the session is cleaned up on the tomcat server.

 

Any help is appreciated!

 

application delivery
LTM

1 Reply

Sort By
  • BinaryCanary_19's avatar
    BinaryCanary_19
    Historic F5 Account
    May 06, 2016

    If you are trying to persist based on JSession cookie, you should look at and follow the example in Overview of universal persistence

     

    If the session has timed out, why does it matter which server the user re-connects to? They will need to re-authenticate, and presumably, any server they land on should be able to service them?

     

    I think it will be a bit involved to accomplish this. You would need to somehow store the server's IP (check out irule session/table commands) address, and match that with the JSessionId value, and whenever you see a particular JsessionId, you would use the pool member command to send the connections directly to the required server retrieved from the session table... then you have to make sure you update the JsessionID whenever it changes, and think about cleanup too.

     

    Alternatively, you could encode the desired IP address in a cookie sent to the client whenever the server sends a 302, and then whenever you get a request that contains this cookie, use pool member command to chose that IP address, and then unset the cookie, and add a persistence entry after all that has been done.

     

    I think I can work out the logic, I'm not good with irule syntax, so can't provide working sample code. I can share pseudocode I think could serve, if you need guidance.