09-20-2005 09:08 AM
Does anyone have experience with 11150 dropping suspended sessions. We are using Sticky-SSL with nCipher SSL accelerator cards. When session is suspended the CSS holds the flow for about 16 seconds then drops it. Client is then forced to reauthenticate.
version: ap0610405
content WEB
add service WEB1
protocol tcp
port 443
add service WEB2
add service WEB3
add service WEB4
advanced-balance sticky-srcip
sticky-inact-timeout 35
vip address 10.1.1.1.
active
Interestingly enough, using weight 0 does work, holding exisiting sessions and not allowing new sessions where suspend drops exisiting sessions and prevents new sessions
09-20-2005 10:06 AM
What do you mean by suspending the session ??
Do you suspend the service ?
The difference with weight set to zero and suspend is that weight 0 still allows new connection to be sent to the service if there is a sticky entry pointing to this server.
Therefore I have the feeling that your browser is using new SSLID and with suspend, the new connection is sent to a new server which requires a new authentication, however with weight 0, the new connection is sent to the same server so no authentication is required.
Everything seems to be normal.
If you have doubts, I would suggest to capture a sniffer trace on the client.
Regards,
Gilles.
Thanks for rating this answer.
09-24-2005 06:36 AM
Appreciate the response. When using sticky SSL, weight zero still honors the CSS sticky table and so clients reconnect to the same server even if they close their browser and 10 minutes later make a new connection. Weight 0 is not the appropriate solution.
So the question is if anybody has any experience with nCipher SSL cards or iPlanet sending an Encrpyted Alert to client which Resets the client and ends their sesion when using Suspend command. Suspend is the correct way to prevent any new sessions from connecting to a service even if the IP is in the Sticky Table.
TIA
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide