ACCESS_SESSION_STARTED¶
Description¶
This event is triggered when a new user session is created. This is
triggered after creating the session context and initial session
variables related to user’s source IP, browser capabilities and
accepted languages etc. This event is a notification to admin that a
new session is being created. Admin can use this event to do some more
session restriction checks, and prevent the session from being created
in this event. For e.g. if user is exceeding some kind of limit
(concurrent sessions etc.) or if the user does not qualify for a new
session due to some thing which is a custom logic. Admin can use
ACCESS::session commands to get and set various session variables.
Admin can also use TCP/SSL/HTTP iRule commands to know various
TCP/SSL/HTTP properties of the user.
Examples¶
Example 1: In this example, admin logs user’s agent
when ACCESS_SESSION_STARTED {
log local0.notice "APM: Received a new session from browser: [ACCESS::session data get "session.user.agent"]"
}
Example 2: In this example, admin limits the application access to one
subnet 192.168.255.0 only.
when ACCESS_SESSION_STARTED {
set user_subnet [ACCESS::session data get "session.user.clientip"]
if { ![IP::addr $user_subnet equals 192.168.255.0/24] } {
log local0. "Unauthorized subnet"
ACCESS::session remove
}
}