Bug ID 604768: ACCESS::session iRules did not work with IP-based sessions

Last Modified: Nov 07, 2022

Bug Tracker

Affected Product:  See more info
BIG-IP APM(all modules)

Known Affected Versions:
12.0.0, 12.0.0 HF1, 12.0.0 HF2, 12.0.0 HF3, 12.0.0 HF4, 12.1.0, 12.1.0 HF1, 12.1.0 HF2, 12.1.1, 12.1.1 HF1, 12.1.1 HF2, 12.1.2, 12.1.2 HF1, 12.1.2 HF2, 12.1.3,,,,,,,, 12.1.4,, 12.1.5,,,, 12.1.6

Fixed In:

Opened: Jul 13, 2016
Severity: 3-Major
Related Article:


IP-based sessions rely on an internal IP to session mapping table. The ACCESS::session iRules were not using this table, so in IP-based session scenarios they never find the session. A simple iRule like this should generate a lot of logs. In an IP-based session scenario it would never log. when HTTP_REQUEST { if { [ACCESS::session exists] } { log local0. "Found Access Session" } }


ACCESS::session commands are essentially unavailable to IP-based sessions.


SWG configuration with IP-based sessions. Attach an iRule to the virtual that includes ACCESS::session commands. They will not work as expected.



Fix Information

All ACCESS::session commands were updated to read the IP to session mapping table when an access profile with IP-based sessions is attached to the virtual. ACCESS::session create has been updated, and it respects the 1-1 correspondence between IP addresses and sessions. If this IP address already has an associated session, APM returns that session. Otherwise we create a new session, and add it to the table.

Behavior Change