Forum Discussion

16 Replies

Sort By
  • Yann_Desmarest's avatar
    Yann_Desmarest
    Icon for Cirrus rankCirrus
    Aug 20, 2014

    Not sure you can delete an APM variable but you can for sure remove its value with the following command :

    ACCESS::session data set [-sid ] [-secure]  []

    where sid is the Session ID and key is the variable name.

  • Andrea_Arquint's avatar
    Andrea_Arquint
    Icon for Nimbostratus rankNimbostratus
    Aug 20, 2014

    I mean it does work like this

    ACCESS::session data set –sid 12345678901234567234562345 session.logon.last.username “”

  • brad_11480's avatar
    brad_11480
    Icon for Nimbostratus rankNimbostratus
    Oct 02, 2014

    I am trying to get session information for another session. When I use the sessiondump command i get 8 digit session numbers, but when i try to use them in a ACCESS::session data get -sid 12345678 it returns an error that the session doesn't exist. from the above example the sid seems to be a much larger value. I'm curious what the sid value should be?

     

    Then, is there a way to obtain the list of active sessions -- sessionid's as I would like to roll through all active sessions and report some of the session information.

     

    thank you.

     

  • Yann_Desmarest's avatar
    Yann_Desmarest
    Icon for Cirrus rankCirrus
    Oct 02, 2014

    hello,

     

    the sid is the full MRHSession cookie value not just the last 8 digits (LastMRH_Session)

     

  • Yann_Desmarest's avatar
    Yann_Desmarest
    Icon for Cirrus rankCirrus
    Oct 02, 2014

    hello,

     

    the sid is the full MRHSession cookie value not just the last 8 digits (LastMRH_Session)

     

  • Yann_Desmarest's avatar
    Yann_Desmarest
    Icon for Cirrus rankCirrus
    Oct 02, 2014

    hello,

     

    the sid is the full MRHSession cookie value not just the last 8 digits (LastMRH_Session)

     

  • Yann_Desmarest's avatar
    Yann_Desmarest
    Icon for Cirrus rankCirrus
    Oct 02, 2014

    hello,

     

    the sid is the full MRHSession cookie value not just the last 8 digits (LastMRH_Session)

     

  • Yann_Desmarest's avatar
    Yann_Desmarest
    Icon for Cirrus rankCirrus
    Oct 02, 2014

    hello,

     

    the sid is the full MRHSession cookie value not just the last 8 digits (LastMRH_Session)

     

    • brad_11480's avatar
      brad_11480
      Icon for Nimbostratus rankNimbostratus
      Jun 06, 2017

      well, actually it seems that it only looks at the last 8 digits. seems anything can be used in the first 24 digits.. use z or x (doesn't even have to be hex digits). So don't be fooled thinking the 32 digit string is more secure or has any other significance.....

       

      why they require 32 digits when only 8 are used is strange...

       

    • Yann_Desmarest's avatar
      Yann_Desmarest
      Icon for Cirrus rankCirrus
      Jun 13, 2017

      Hi,

       

      You can have a look at this article : https://support.f5.com/csp/article/K15387

       

      They explain that the first 24 HEX digits is rotated during policy evaluation for security reasons.

       

      I think that the MRHSession is really important when you are under policy evaluation. Once logged in, Last_MRHSession is the only required cookie.

       

    • brad_11480's avatar
      brad_11480
      Icon for Nimbostratus rankNimbostratus
      Jun 19, 2017

      Good information. I'm using it after the session evaluation is complete and the session is underway, and the document does say: "After Access Policy evaluation, the session ID remains static.". But the interesting part is that I can use the last 8 digits anything as the first 24 digits and it is successful-- it doesn't have to match the value of the MRHSession cookie. I am, however, checking a full match with my code as I require it to match all 32 digits.

       

  • Yann_Desmarest_'s avatar
    Yann_Desmarest_
    Icon for Nacreous rankNacreous
    Oct 02, 2014

    hello,

     

    the sid is the full MRHSession cookie value not just the last 8 digits (LastMRH_Session)

     

    • brad_11480's avatar
      brad_11480
      Icon for Nimbostratus rankNimbostratus
      Jun 06, 2017

      well, actually it seems that it only looks at the last 8 digits. seems anything can be used in the first 24 digits.. use z or x (doesn't even have to be hex digits). So don't be fooled thinking the 32 digit string is more secure or has any other significance.....

       

      why they require 32 digits when only 8 are used is strange...

       

    • Yann_Desmarest_'s avatar
      Yann_Desmarest_
      Icon for Nacreous rankNacreous
      Jun 13, 2017

      Hi,

       

      You can have a look at this article : https://support.f5.com/csp/article/K15387

       

      They explain that the first 24 HEX digits is rotated during policy evaluation for security reasons.

       

      I think that the MRHSession is really important when you are under policy evaluation. Once logged in, Last_MRHSession is the only required cookie.

       

    • brad_11480's avatar
      brad_11480
      Icon for Nimbostratus rankNimbostratus
      Jun 19, 2017

      Good information. I'm using it after the session evaluation is complete and the session is underway, and the document does say: "After Access Policy evaluation, the session ID remains static.". But the interesting part is that I can use the last 8 digits anything as the first 24 digits and it is successful-- it doesn't have to match the value of the MRHSession cookie. I am, however, checking a full match with my code as I require it to match all 32 digits.