Last Modified: Sep 13, 2023
Affected Product(s):
BIG-IP LTM
Known Affected Versions:
12.1.3, 12.1.3.1, 12.1.3.2, 12.1.3.3, 12.1.3.4, 12.1.3.5, 12.1.3.6, 12.1.3.7, 13.0.0, 13.0.0 HF1, 13.0.0 HF2, 13.0.0 HF3, 13.0.1, 13.1.0, 13.1.0.1, 13.1.0.2, 13.1.0.3, 13.1.0.4, 13.1.0.5, 13.1.0.6, 13.1.0.7, 13.1.0.8, 13.1.1, 13.1.1.2, 13.1.1.3, 14.0.0, 14.0.0.1, 14.0.0.2, 14.0.0.3, 14.0.0.4, 14.0.0.5, 14.0.1, 14.0.1.1
Fixed In:
14.1.0, 13.1.1.4, 12.1.4
Opened: Apr 11, 2018 Severity: 3-Major
When HTTP cookie hash persistence is configured the cookie is removed when a pool member goes down. This is incorrect if pool members are using session replication.
Connected clients must establish a new session.
- Cookie hash persistence is configured. - A pool member that the persistence record points to goes down. - Pool members are using session replication.
To configure HTTP cookie hash persistence, use an iRule similar to the following: when CLIENT_ACCEPTED { persist cookie hash JSESSIONID }
HTTP hash persistence cookie is no longer removed when a pool member goes down. If you need to remove the cookie, use an iRule similar to the following: when PERSIST_DOWN { HTTP::cookie remove JSESSIONID }