Utilizes the persistence table to store arbitrary information based on the same keys as persistence. This information does not affect the persistence itself.


Note: items marked with are meant to be replaced with a value. Arguments bracketed by [] are used to note they are optional. They should not be confused with Tcl command evaluation.
session add <mode> <key> <data> [<timeout>]
session lookup <mode> <key>
session delete <mode> <key>

   <mode> = simple | source_addr | sticky | dest_addr | ssl | uie | hash | sip
   <key> = <mode specific value> | { <value> [any virtual | service | pool] [pool <name>] }
     the latter key specification is used to delete persistence entries regardless of virtual, service, or pool association.

  <timeout> = The timeout in seconds. Defaults to 180 seconds.  If the session key is touched (updated or looked up), the timeout counter starts over again.

session add

  • Stores user’s data under the specified key for the specified persistence mode

session lookup

  • Returns user data previously stored using session add. If the lookup key is a null string, a runtime TCL error will be triggered and the connection will be reset. So it is a best practice to explicitly check for a null key before attempting a session lookup.

session delete

  • Removes user data previously stored using session add

When using the latter key specification above (e.g. = { any virtual }), the session command expects the key (the data and associated “any virtual” commands) to be a single argument; in other words, a list. Often, users will want to specify some variable data in such a command. However, the usual way of creating a list (via braces, as shown above) will inhibit variable and command expansion. See for more information on this. To use variables and commands with these key specifications, users should either use the list command to construct a list, or use double quotes, which Tcl will interpret as a list. See the last two examples below.
Note: Starting in BIG-IP version 10, the session table is a simple, global key/value table. Although the syntax is the same (for compatibility with existing iRules), the specifier is ignored in version 10, as are the any virtual and related specifiers.


Saves client cert in session table after handshake for retrieval during subsequent requests:
  # Set results in the session so they are available to other events
  set ssl_cert [SSL::cert 0]
  session add ssl [SSL::sessionid] $ssl_cert 180
  # Retrieve certificate information from the session
  set ssl_cert [session lookup ssl [SSL::sessionid]]

   set lookup [list [IP::client_addr] any virtual]
   set value [session lookup uie $lookup]

   set value [session lookup uie "[IP::client_addr] any pool"]

   set value [session lookup uie [list $myVar any virtual]]