ltm rule command session
iRule(1) BIG-IP TMSH Manual iRule(1)
session
Utilizes the persistence table to store arbitrary information based on
the same keys as persistence.
SYNOPSIS
session add SESSION_MODE PERSIST_KEY DATA (indefinite | TIMEOUT)?
session (lookup | delete) SESSION_MODE PERSIST_KEY
DESCRIPTION
Utilizes the persistence table to store arbitrary information based on
the same keys as persistence. This information does not affect the
persistence itself.
Syntax
Note: items marked with - are meant to be replaced with a value.
Arguments bracketed by [] are used to note they are optional. They
should not be confused with Tcl command evaluation.
= simple | source_addr | sticky | dest_addr | ssl | uie | hash | sip
= | { [any virtual | service | pool] [pool ] }
The latter key specification is used to delete persistence entries regardless of virtual, service, or pool association.
= The timeout in seconds. Defaults to 180 seconds. If the session key is touched (updated or looked up), the timeout counter starts over again.
session add SESSION_MODE PERSIST_KEY DATA [TIMEOUT]
* Stores user's data under the specified key for the specified
persistence mode.
session lookup SESSION_MODE PERSIST_KEY
* Returns user data previously stored using session add. If the
lookup key is a null string, a runtime Tcl error will be triggered
and the connection will be reset, so it is a best practice to
explicitly check for a null key before attempting a session lookup.
session delete SESSION_MODE PERSIST_KEY
* Removes user data previously stored using session add.
When using the latter key specification above (e.g. = { any virtual }),
the session command expects the key (the data and associated "any
virtual" commands) to be a single argument; in other words, a list.
Often, users will want to specify some variable data in such a command.
However, the usual way of creating a list (via braces, as shown above)
will inhibit variable and command expansion. See https://devcentral.f5.com/articles/irules-optimization-101-04-delimiters-braces-brackets-quotes-and-more for more information on this.
To use variables and commands with these key specifications, users should
either use the list command to construct a list, or use double quotes,
which Tcl will interpret as a list. See the last two examples below.
Note: Starting in BIG-IP version 10, the session table is a simple,
global key/value table. Although the syntax is the same (for
compatibility with existing iRules), the specifier is ignored in
version 10, as are the any virtual and related specifiers.
RETURN VALUE
VALID DURING
AUTH_ERROR, AUTH_FAILURE, AUTH_RESULT, AUTH_SUCCESS,
AUTH_WANTCREDENTIAL, CACHE_REQUEST, CACHE_RESPONSE, CACHE_UPDATE,
CLIENT_ACCEPTED, CLIENT_CLOSED, CLIENT_DATA, CLIENT_LINE,
CLIENTSSL_CLIENTCERT, CLIENTSSL_HANDSHAKE, HTTP_CLASS_FAILED,
HTTP_CLASS_SELECTED, HTTP_REQUEST, HTTP_REQUEST_DATA,
HTTP_REQUEST_SEND, HTTP_RESPONSE, HTTP_RESPONSE_CONTINUE,
HTTP_RESPONSE_DATA, LB_FAILED, LB_SELECTED, NAME_RESOLVED,
PERSIST_DOWN, RTSP_REQUEST, RTSP_REQUEST_DATA, RTSP_RESPONSE,
RTSP_RESPONSE_DATA, SERVER_CLOSED, SERVER_CONNECTED, SERVER_DATA,
SERVER_LINE, SERVERSSL_HANDSHAKE, SIP_REQUEST, SIP_REQUEST_SEND,
SIP_RESPONSE, SIP_RESPONSE_SEND, STREAM_MATCHED, USER_REQUEST,
USER_RESPONSE, XML_BEGIN_DOCUMENT, XML_BEGIN_ELEMENT, XML_CDATA,
XML_END_DOCUMENT, XML_END_ELEMENT, XML_EVENT
EXAMPLES
Saves client cert in session table after handshake for retrieval during
subsequent requests:
when CLIENTSSL_CLIENTCERT {
    # Set results in the session so they are available to other events
    set ssl_cert [SSL::cert 0]
    session add ssl [SSL::sessionid] $ssl_cert 180
}
when HTTP_REQUEST {
    # Retrieve certificate information from the session
    set ssl_cert [session lookup ssl [SSL::sessionid]]
}

# Key built with the list command so that [IP::client_addr] is expanded
when HTTP_REQUEST {
    set lookup [list [IP::client_addr] any virtual]
    set value [session lookup uie $lookup]
}

# Key built with double quotes, which Tcl will interpret as a list
when HTTP_REQUEST {
    set value [session lookup uie "[IP::client_addr] any pool"]
}

# Key built with the list command from a variable (myVar is set elsewhere)
when HTTP_REQUEST {
    set value [session lookup uie [list $myVar any virtual]]
}
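Added example, not part of the original manual page: the client certificate example above, with the null-key check that the session lookup description recommends. The 403 responses and the X-Client-Cert-Subject header name are assumptions chosen for illustration.

```tcl
when CLIENTSSL_CLIENTCERT {
    # Store the certificate only if one was presented and the SSL session
    # ID, which is used as the session key, is not a null string.
    set sid [SSL::sessionid]
    if { [SSL::cert count] > 0 && $sid ne "" } {
        session add ssl $sid [SSL::cert 0] 180
    }
}

when HTTP_REQUEST {
    set sid [SSL::sessionid]

    # A null key passed to "session lookup" triggers a runtime Tcl error
    # and resets the connection, so test the key before the lookup.
    if { $sid eq "" } {
        log local0. "session lookup skipped: empty SSL session ID from [IP::client_addr]"
        HTTP::respond 403 content "Client certificate required"
        return
    }

    set ssl_cert [session lookup ssl $sid]

    # An empty result is treated here as "no entry": nothing was stored,
    # or the entry went 180 seconds without being touched and timed out.
    if { $ssl_cert eq "" } {
        log local0. "no stored certificate for SSL session from [IP::client_addr]"
        HTTP::respond 403 content "Client certificate required"
        return
    }

    # Hypothetical header name. Remove any client-supplied copy first so
    # the pool member only ever sees the value taken from the stored cert.
    HTTP::header remove "X-Client-Cert-Subject"
    HTTP::header insert "X-Client-Cert-Subject" [X509::subject $ssl_cert]
}
```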
HINTS
SEE ALSO
https://devcentral.f5.com/articles/irules-optimization-101-04-delimiters-braces-brackets-quotes-and-more
CHANGE LOG
@BIGIP-9.0.0 --First introduced the command.
BIG-IP 2017-01-31 iRule(1)