Forum Discussion

Joshua_Rasnier's avatar
Joshua_Rasnier
Icon for Nimbostratus rankNimbostratus
Nov 25, 2013

Cookie persistence or Keepalives

Hi everyone,

Hope someone can shed some light.

Currently I am using a normal irule for a single virtual server as an example below.This virtual server is using custom cookie persistence.

when HTTP_REQUEST {                
    switch -glob [string tolower [HTTP::uri]] {                              
        "/non-ssl*" {
            SSL::disable serverside
            pool HTTP-pool
        }
        "/ssl*" {
            pool HTTPS-pool
        } 
    }
}
`


The issue I am finding is that when we browse to the non ssl website, then browse to the ssl website. When we go back to the original website all objects are coming up as 404. I have a feeling its the cookies but I thought that cookies would rewrite everytime it is forced to a new server.

One thing to note is that I found that when the 404 error occurs. Two to three minutes after you are able to refresh the page and it returns to normal operations. Which to me are a sign of keepalives being the issue, but cannot for the life of me think of why. 

I was thinking of changing my irule to the following,


`when HTTP_REQUEST {                
    switch -glob [string tolower [HTTP::uri]] {                              
        "/non-ssl*" {
            SSL::disable serverside
            persist cookie insert NONSSLCOOKIE
            pool HTTP-pool
        }
        "/ssl*" {
            persist cookie insert SSLCOOKIE
            pool HTTPS-pool
        } 
    }
}

Basically what I am asking to the more experienced, does this look like a cookie persistence issue or more of a keepalives issue?

APM
application delivery
design
devops
iRules
security

5 Replies

Sort By
  • Joshua_Rasnier's avatar
    Joshua_Rasnier
    Icon for Nimbostratus rankNimbostratus
    Nov 25, 2013
    I have also started looking into one-connect to maybe resolve the issue but currently unsure of it.
  • Joshua_Rasnier's avatar
    Joshua_Rasnier
    Icon for Nimbostratus rankNimbostratus
    Nov 26, 2013
    I have changed the cookie to the default and can confirm there are now two cookies. Also I have configured oneconnect. But there is no difference to the problem.
  • IheartF5_45022's avatar
    IheartF5_45022
    Icon for Nacreous rankNacreous
    Nov 26, 2013

    Your logic is good - what's your timeout on your cookies? Check using a browser developer tool. There's a tricky bug around 'persist cookie insert' that you have to be careful of here

     

  • IheartF5_45022's avatar
    IheartF5_45022
    Icon for Nacreous rankNacreous
    Nov 27, 2013

    Hi Joshy,

    Could you be dropping through to the default arm (which has not been defined)? Perhaps add some logging to see what's happening. Note that with the config you have there, if the uri doesn't match the 2 arms you've defined, the request will use the pool attached to the virtual and the cookie attached to the virtual, which depending on what is there, could explain what is happening.

    Hopefully the logging will explain all......

    when HTTP_REQUEST { 
    set debug 0  

    if {[HTTP::header exists "X-debug"]} 
        set debug 1
    }

      Set debug logging prefix
    if {$debug} {set prefix "\[[expr {int (rand() * 10000)}]\] "}   

    switch -glob [string tolower [HTTP::uri]] {                              
        "/non-ssl*" {
            SSL::disable serverside
            persist cookie insert NONSSLCOOKIE
            pool HTTP-pool
            if {$debug} {log local0. "${prefix}[HTTP::uri] non-ssl"}
        }
        "/ssl*" {
            persist cookie insert SSLCOOKIE
            pool HTTPS-pool
            if {$debug} {log local0. "${prefix}[HTTP::uri] non-ssl"}
        } 
        default {
            if {$debug} {log local0. "${prefix}[HTTP::uri] default"}
        }
    }
}
when LB_SELECTED {
    if { $debug } {log local0. "${prefix}LB_SELECTED [LB::server]"}
}