session

Description

Utilizes the persistence table to store arbitrary information based on the same keys as persistence. This information does not affect the persistence itself.

Syntax

Note: items marked with <> are meant to be replaced with a value. Arguments bracketed by [] are optional. They should not be confused with Tcl command evaluation.
session add <mode> <key> <data> [<timeout>]
session lookup <mode> <key>
session delete <mode> <key>

   <mode> = simple | source_addr | sticky | dest_addr | ssl | uie | hash | sip
   <key> = <mode specific value> | { <value> [any virtual | service | pool] [pool <name>] }
     the latter key specification is used to delete persistence entries regardless of virtual, service, or pool association.

  <timeout> = The timeout in seconds. Defaults to 180 seconds.  If the session key is touched (updated or looked up), the timeout counter starts over again.

session add

  • Stores user’s data under the specified key for the specified persistence mode

session lookup

  • Returns user data previously stored using session add. If the lookup key is a null string, a runtime Tcl error is triggered and the connection is reset. It is therefore best practice to explicitly check for a null key before attempting a session lookup.

session delete

  • Removes user data previously stored using session add

When using the latter key specification above (e.g. <key> = { <value> any virtual }), the session command expects the key (the data and associated “any virtual” commands) to be a single argument; in other words, a list. Often, users will want to specify some variable data in such a command. However, the usual way of creating a list (via braces, as shown above) inhibits variable and command expansion. See https://devcentral.f5.com/s/articles/irules-optimization-101-04-delimiters-braces-brackets-quotes-and-more for more information on this. To use variables and commands with these key specifications, users should either use the list command to construct a list, or use double quotes, which Tcl will interpret as a list. See the last two examples below.
Note: Starting in BIG-IP version 10, the session table is a simple, global key/value table. Although the syntax is the same (for compatibility with existing iRules), the <mode> specifier is ignored in version 10, as are the any virtual and related specifiers.

Examples

Saves client cert in session table after handshake for retrieval during subsequent requests:
when CLIENTSSL_CLIENTCERT {
  # Set results in the session so they are available to other events
  set ssl_cert [SSL::cert 0]
  session add ssl [SSL::sessionid] $ssl_cert 180
}
when HTTP_REQUEST {
  # Retrieve certificate information from the session
  set ssl_cert [session lookup ssl [SSL::sessionid]]
}
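
The null-key check recommended under session lookup, applied to the client-certificate example above. This is an added example, not part of the original page; the X-Client-Cert-Subject header name and the 403 response are assumptions chosen for illustration.

```tcl
when CLIENTSSL_CLIENTCERT {
    # Store the certificate only when there is a usable key and a certificate
    set sid [SSL::sessionid]
    if { $sid ne "" && [SSL::cert count] > 0 } {
        session add ssl $sid [SSL::cert 0] 180
    }
}
when HTTP_REQUEST {
    # Never trust a client-supplied copy of the header set below
    # (header name is an assumption for this example)
    HTTP::header remove "X-Client-Cert-Subject"

    set ssl_cert ""
    set sid [SSL::sessionid]
    # A null key passed to session lookup raises a runtime Tcl error and
    # resets the connection, so test the key before the lookup
    if { $sid ne "" } {
        set ssl_cert [session lookup ssl $sid]
    }

    if { $ssl_cert eq "" } {
        # No key, or no entry under it (never stored, deleted, or timed out).
        # Rejecting with 403 is this example's policy, not a requirement.
        log local0. "No stored client certificate for [IP::client_addr]"
        HTTP::respond 403 content "Client certificate required"
        return
    }

    # The lookup above also restarted the entry's timeout counter
    HTTP::header insert "X-Client-Cert-Subject" [X509::subject $ssl_cert]
}
```

The empty-result branch also covers an entry that expired because it was not touched within its timeout, so the request path fails closed instead of forwarding a request without certificate data.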

when HTTP_REQUEST {
   set lookup [list [IP::client_addr] any virtual]
   set value [session lookup uie $lookup]
}

when HTTP_REQUEST {
   set value [session lookup uie "[IP::client_addr] any pool"]
}

when HTTP_REQUEST {
   set value [session lookup uie [list $myVar any virtual]]
}