Forum Discussion

sundogbrew's avatar
sundogbrew
Icon for Altocumulus rankAltocumulus
May 02, 2013

Cookie timeout

So here is the long and short of it. I am trying to set a cookie with timeout so that I can migrate users off a machine for patching. Seems like this would be a simple function? I am not fiding it to be?

 

I have 2 F5s one runs 10.2 and the other runs 11.2

 

on the system that runs 10.2 I have a cookie setup that is just a cookie insert with 4 hour timeout. The way this works is everytime you go to the page that 4 hours resets. So it is 4 hours from the last time you were on the site even if you just sit there and hit the refresh on your browser.

 

On the sytem that runs 11.2 I am trying to get that very functionality but when I go to the page my cookie says it expires in 4 hours so 19:00 if I refresh in an hour it still says 19:00 not 20:00 which is what I would expect and what I get on the above. So you only get 4 hours from the first time you went to the site.

 

I have no idea why? One other question, if you select disabled (only persistant or active connections allowed) does that override the cookie timeout and force it to timeout?

 

Thanks as always

 

Joe

 

4 Replies

  • Hi Joe,

     

     

    There's an open bug on this:

     

    Bug 397337 - BIG-IP should send cookie always in response especially if cookie expiration is in play

     

     

    The workaround is to set 'always send cookie' on any cookie persistence profile that has a time expiration.

     

     

    Aaron
  • Thanks Hoolio,

     

    I tried the always send cookie option and it still doesn't work unless I leave the site and comeback but for a refresh it doesn't work.

     

    Is there any info on this bug? I can't seem to find anything? I opened a ticket with F5 to get some documentation and see if going to a newer version would fix it or if there is a hotfix for it but haven't yet heard anything back.

     

    Thanks

     

    Joe
  • Is there any info on this bug? I can't seem to find anything? I opened a ticket with F5 to get some documentation and see if going to a newer version would fix it or if there is a hotfix for it

    ID397337 is not fixed yet.

     

     

    I tried the always send cookie option and it still doesn't work unless I leave the site and comeback but for a refresh it doesn't work.

    always-send seems working fine on my 11.3.0.

     

  •  v10.2.4
    
    [root@ve10:Active] config  b version|grep -iA 1 version
    BIG-IP Version 10.2.4 655.0
    Hotfix HF4 Edition
    
    [root@ve10:Active] config  b virtual bar list
    virtual bar {
       snat automap
       pool foo
       destination 172.28.19.252:80
       ip protocol 6
       persist mycookie
       profiles {
          http {}
          tcp {}
       }
    }
    [root@ve10:Active] config  b profile mycookie list
    profile persist mycookie {
       mode cookie
       cookie expiration 0:10:00
    }
    
    [root@ve10:Active] config  curl -I http://172.28.19.252
    HTTP/1.1 200 OK
    Date: Sat, 04 May 2013 06:49:05 GMT
    Server: Apache/2.2.3 (CentOS)
    Last-Modified: Sat, 27 Oct 2012 03:22:35 GMT
    ETag: "4183f3-59-f28f94c0"
    Accept-Ranges: bytes
    Content-Length: 89
    Content-Type: text/html; charset=UTF-8
    Set-Cookie: BIGipServerfoo=1707657416.20480.0000; expires=Sat, 04-May-2013 06:48:23 GMT; path=/
    
    [root@ve10:Active] config  curl -I http://172.28.19.252 -H "Cookie: BIGipServerfoo=1707657416.20480.0000; expires=Sat, 04-May-2013 06:48:23 GMT; path=/"
    HTTP/1.1 200 OK
    Date: Sat, 04 May 2013 06:49:15 GMT
    Server: Apache/2.2.3 (CentOS)
    Last-Modified: Sat, 27 Oct 2012 03:22:35 GMT
    ETag: "4183f3-59-f28f94c0"
    Accept-Ranges: bytes
    Content-Length: 89
    Content-Type: text/html; charset=UTF-8
    Set-Cookie: BIGipServerfoo=1707657416.20480.0000; expires=Sat, 04-May-2013 06:48:33 GMT; path=/
    
     v11.3.0
    
    root@(ve11a)(cfg-sync Changes Pending)(Active)(/Common)(tmos) show sys version|grep -A 5 Main\ Package
    Main Package
      Product  BIG-IP
      Version  11.3.0
      Build    3022.0
      Edition  Hotfix HF3
      Date     Fri Feb 22 00:00:34 PST 2013
    
    root@(ve11a)(cfg-sync Changes Pending)(Active)(/Common)(tmos) list ltm virtual bar
    ltm virtual bar {
        destination 172.28.20.16:80
        ip-protocol tcp
        mask 255.255.255.255
        persist {
            mycookie {
                default yes
            }
        }
        pool foo
        profiles {
            http { }
            tcp { }
        }
        source 0.0.0.0/0
        source-address-translation {
            type automap
        }
        vlans-disabled
    }
    root@(ve11a)(cfg-sync Changes Pending)(Active)(/Common)(tmos) list ltm persistence cookie mycookie
    ltm persistence cookie mycookie {
        always-send disabled
        app-service none
        expiration 10:0
    }
    
    [root@ve11a:Active:Changes Pending] config  curl -I http://172.28.20.16
    HTTP/1.1 200 OK
    Date: Sat, 04 May 2013 06:51:23 GMT
    Server: Apache/2.2.3 (CentOS)
    Last-Modified: Sat, 27 Oct 2012 03:22:35 GMT
    ETag: "4183f3-59-f28f94c0"
    Accept-Ranges: bytes
    Content-Length: 89
    Content-Type: text/html; charset=UTF-8
    Set-Cookie: BIGipServerfoo=1707657416.20480.0000; expires=Sat, 04-May-2013 06:44:06 GMT; path=/
    
    [root@ve11a:Active:Changes Pending] config  curl -I http://172.28.20.16 -H "Cookie: BIGipServerfoo=1707657416.20480.0000; expires=Sat, 04-May-2013 06:44:06 GMT; path=/"
    HTTP/1.1 200 OK
    Date: Sat, 04 May 2013 06:51:31 GMT
    Server: Apache/2.2.3 (CentOS)
    Last-Modified: Sat, 27 Oct 2012 03:22:35 GMT
    ETag: "4183f3-59-f28f94c0"
    Accept-Ranges: bytes
    Content-Length: 89
    Content-Type: text/html; charset=UTF-8
    
    root@(ve11a)(cfg-sync Changes Pending)(Active)(/Common)(tmos) modify ltm persistence cookie mycookie always-send enabled
    root@(ve11a)(cfg-sync Changes Pending)(Active)(/Common)(tmos) list ltm persistence cookie mycookie
    ltm persistence cookie mycookie {
        always-send enabled
        app-service none
        expiration 10:0
    }
    
    [root@ve11a:Active:Changes Pending] config  curl -I http://172.28.20.16
    HTTP/1.1 200 OK
    Date: Sat, 04 May 2013 06:52:00 GMT
    Server: Apache/2.2.3 (CentOS)
    Last-Modified: Sat, 27 Oct 2012 03:22:35 GMT
    ETag: "4183f3-59-f28f94c0"
    Accept-Ranges: bytes
    Content-Length: 89
    Content-Type: text/html; charset=UTF-8
    Set-Cookie: BIGipServerfoo=1707657416.20480.0000; expires=Sat, 04-May-2013 06:44:43 GMT; path=/
    
    [root@ve11a:Active:Changes Pending] config  curl -I http://172.28.20.16 -H "Cookie: BIGipServerfoo=1707657416.20480.0000; expires=Sat, 04-May-2013 06:44:43 GMT; path=/"
    HTTP/1.1 200 OK
    Date: Sat, 04 May 2013 06:52:08 GMT
    Server: Apache/2.2.3 (CentOS)
    Last-Modified: Sat, 27 Oct 2012 03:22:35 GMT
    ETag: "4183f3-59-f28f94c0"
    Accept-Ranges: bytes
    Content-Length: 89
    Content-Type: text/html; charset=UTF-8
    Set-Cookie: BIGipServerfoo=1707657416.20480.0000; expires=Sat, 04-May-2013 06:44:51 GMT; path=/