-
AppExpert Applications and Templates
-
Configure application authentication, authorization, and auditing
-
-
Use Case for Limiting the Number of Sessions
-
-
Advanced Policy Expressions: Working with Dates, Times, and Numbers
-
Advanced Policy Expressions: Parsing HTTP, TCP, and UDP Data
-
Advanced Policy Expressions: IP and MAC Addresses, Throughput, VLAN IDs
-
-
This content has been machine translated dynamically.
Dieser Inhalt ist eine maschinelle Übersetzung, die dynamisch erstellt wurde. (Haftungsausschluss)
Cet article a été traduit automatiquement de manière dynamique. (Clause de non responsabilité)
Este artículo lo ha traducido una máquina de forma dinámica. (Aviso legal)
此内容已经过机器动态翻译。 放弃
このコンテンツは動的に機械翻訳されています。免責事項
이 콘텐츠는 동적으로 기계 번역되었습니다. 책임 부인
Este texto foi traduzido automaticamente. (Aviso legal)
Questo contenuto è stato tradotto dinamicamente con traduzione automatica.(Esclusione di responsabilità))
This article has been machine translated.
Dieser Artikel wurde maschinell übersetzt. (Haftungsausschluss)
Ce article a été traduit automatiquement. (Clause de non responsabilité)
Este artículo ha sido traducido automáticamente. (Aviso legal)
この記事は機械翻訳されています.免責事項
이 기사는 기계 번역되었습니다.책임 부인
Este artigo foi traduzido automaticamente.(Aviso legal)
这篇文章已经过机器翻译.放弃
Questo articolo è stato tradotto automaticamente.(Esclusione di responsabilità))
Translation failed!
Use Case: Limiting the Number of Sessions
In this use case, the requirement is to limit the number of active backend sessions. In the deployment, each session login has login in the URL and each session logout has logout in the URL. On successful login, the backend sets a sessionid cookie with a unique 10 character value.
To achieve this use case, perform the following operations:
-
Create a map variable that can store each active session. The key of the map is the sessionid. The expiry time for the variable is set to 600 seconds (10 minutes).</span>
> add ns variable session_map -type map(text(10),ulong,100) -expires 600 <!--NeedCopy-->
-
Create the following assignments for the map variable:</span>
-
Create an entry for the sessionid and set that value to 1 (this value is not actually used).</span>
> add ns assignment add_session -variable '$session_map[http.req.cookie.value("sessionid")]' -set 1 <!--NeedCopy-->
-
Deallocate the entry for a session ID, which implicitly decrements the value count for session_map.</span>
> add ns assignment delete_session -variable '$session_map[http.req.cookie.value("sessionid")]' -clear <!--NeedCopy-->
-
-
Create responder policies for the following:</span>
-
To check if a map entry exists for that sessionid in the HTTP request. The add_session assignment is executed if the map entry does not exist.</span>
> add responder policy add_session_pol 'http.req.url.contains("example") || $session_map.valueExists(http.req.cookie.value("abc"))' add_session <!--NeedCopy-->
Note: The valueExists() function in the add_session_pol policy counts as a reference to the session’s map entry, so each request resets the expiration timeout for its session. If no requests for a session are received after 10 minutes, the session’s entry will be deallocated.
-
To check when the session is logged out. The delete_session assignment is executed.</span>
add responder policy delete_session_pol "http.req.url.contains(\"Logout\")" delete_session <!--NeedCopy-->
-
To check for login requests and if the number of active sessions exceed 100. If these conditions are satisfied, in order to limit the number of sessions, the user is redirected to a page that indicates that the server is busy.</span>
add responder action redirect_too_busy redirect "/too_busy.html" add responder policy check_login_pol "http.req.url.contains(\"example\") && $session_map.valueCount > 100" redirect_too_busy <!--NeedCopy-->
-
-
Bind the responder policies globally.</span>
bind responder global add_session_pol 30 next bind responder global delete_session_pol 10 bind responder global check_login_pol 20 <!--NeedCopy-->
Share
Share
In this article
This Preview product documentation is Cloud Software Group Confidential.
You agree to hold this documentation confidential pursuant to the terms of your Cloud Software Group Beta/Tech Preview Agreement.
The development, release and timing of any features or functionality described in the Preview documentation remains at our sole discretion and are subject to change without notice or consultation.
The documentation is for informational purposes only and is not a commitment, promise or legal obligation to deliver any material, code or functionality and should not be relied upon in making Cloud Software Group product purchase decisions.
If you do not agree, select I DO NOT AGREE to exit.