Forum Discussion

Reddy1's avatar
Reddy1
Icon for Altostratus rankAltostratus
Apr 04, 2020

Session Time-out based on the username

Hi All,

 

We have a requirement to assign the session time-out for the ssl-vpn based on the username. I did create the below irule, however its not getting the username, hence the class match line will not match. I did add the log statement for the variable userid, however i have noticed the irule is getting triggered right after the vpn request hits the APM. I doubt if its the right event to capture the session variables. It would be great if i can get some help here.

 

when ACCESS_SESSION_STARTED {

set userid [mcget {session.logon.last.username}]

set userip [ACCESS::session data get "session.user.clientip"]

if {[class match $userid equals Userid_Custom_7_days]} {

ACCESS::session data set session.max_session_timeout "604800"

log local0. "Incomming userid : $userid and the session-timeout is 7-Days"

} else {

ACCESS::session data set session.max_session_timeout "86400"

log local0. "Incomming userid : $userid and the session-timeout is 24-Hours"

}

 

 

Thanks,

Reddy