Bug ID 749608: HTTP Persistence cookies erroneously sent when cookie persistence turned off

Last Modified: Sep 06, 2019

Bug Tracker

Affected Product:  See more info
BIG-IP LTM(all modules)

Known Affected Versions:
12.1.0, 12.1.0 HF1, 12.1.0 HF2, 12.1.1, 12.1.1 HF1, 12.1.1 HF2, 12.1.2, 12.1.2 HF1, 12.1.2 HF2, 12.1.3, 12.1.3.1, 12.1.3.2, 12.1.3.3, 12.1.3.4, 12.1.3.5, 12.1.3.6, 12.1.3.7, 12.1.4, 12.1.4.1, 12.1.5, 13.0.0, 13.0.0 HF1, 13.0.0 HF2, 13.0.0 HF3, 13.0.1, 13.1.0, 13.1.0.1, 13.1.0.2, 13.1.0.3, 13.1.0.4, 13.1.0.5, 13.1.0.6, 13.1.0.7, 13.1.0.8, 13.1.1, 13.1.1.1, 13.1.1.2, 13.1.1.3, 13.1.1.4, 13.1.1.5, 13.1.3, 14.0.0, 14.0.0.1, 14.0.0.2, 14.0.0.3, 14.0.0.4, 14.0.0.5, 14.0.1, 14.1.0, 14.1.0.1, 14.1.0.2, 14.1.0.3, 14.1.0.4, 14.1.0.5, 14.1.0.6, 14.1.2

Fixed In:
15.0.0

Opened: Nov 13, 2018
Severity: 3-Major

Symptoms

Traffic may appear to not be load balancing among a pool correctly. Because clients are receiving persistence cookies when they should not be, a client can be routed back to the same pool member for subsequent requests when this is not necessary, instead of being assigned a pool member through load balancing.

Impact

The system erroneously sends persistence cookies with responses. Undesired routing might occur, where a client is not load balanced, and instead is always directed back to the same pool member.

Conditions

This occurs when two conditions are met 1) - The always_send option must be on with HTTP persistence cookies or - Cookies are configured with an expiry 2) Later, persistence is change to 'persist none' (by an iRule, for example).

Workaround

Turn off the always-send option, and disable the HTTP persistence cookie expiry. If you need the expiry function, use an iRule to re-add it after the cookie has been inserted.

Fix Information

None

Behavior Change