Forum Discussion
R_Marc
Apr 13, 2018Nimbostratus
I was given a similar requirement. The backend is 7.1X Citrix which requires (according to AskF5) 13.1+. I was able to set up everything via an iApp, then replicate without the iApp ('cause I hate iApps). The problem I faced is storefront java script logged out after 20 minutes-ish and killed the APM session. The requirement I was given was to allow that timeout, but to also let active VDI's to continue (they ride the same APM session).
This is what I came up with, which works for me, YMMV:
when CLIENT_ACCEPTED {
set citrix_logout 0
}
when HTTP_REQUEST {
set hardlimit 86400
set VDI_Logoff "/Citrix/yourstore/Authentication/Logoff"
set storeWebName "/Citrix/yourstore/"
if { [HTTP::uri] == $VDI_Logoff } {
set cookieNames [HTTP::cookie names]
set MRHSession [HTTP::cookie value MRHSession]
table set -subtable loggedout [HTTP::cookie value MRHSession] limit $hardlimit
ACCESS::disable
set clear_cookies 1
} else {
if { [table lookup -subtable "loggedout" [HTTP::cookie value MRHSession]] != "" } {
log local0. "Rejecting MRHSession [HTTP::cookie value MRHSession]"
reject
}
}
}
when HTTP_RESPONSE {
if { [info exists clear_cookies] } {
foreach aCookie $cookieNames {
HTTP::cookie insert name $aCookie value 0
HTTP::cookie expires 1
}
}
}
when ACCESS_ACL_ALLOWED {
set type [ACCESS::session data get session.client.type]
if { !($type starts_with "citrix") } {
set http_uri [HTTP::uri]
if { $http_uri == "/" || ($citrix_logout eq 0 && $http_uri ends_with "login.aspx") } {
ACCESS::respond 302 Location "https://[HTTP::host]$storeWebName"
} elseif { $http_uri contains "Logoff" } {
set citrix_logout 1
} elseif { $citrix_logout eq 1 && $http_uri ends_with "login.aspx" } {
set citrix_logout 0
ACCESS::respond 200 content "Logged out\r\n" Connection close
ACCESS::session remove
} elseif { $http_uri ends_with "Disconnect" } {
ACCESS::respond 200 content "Logged out\r\n" Connection close
ACCESS::session remove
}
}
}