K14274: Multiple BIG-IP APM sessions may be created when website uses favicon
Known Issue
Original Publication Date: Jun 26, 2014
Update Date: Mar 14, 2017
Known Issue
Websites that use a Favorite Icon (favicon) may establish multiple sessions with BIG-IP APM.
This issue occurs when the following conditions are met:
BIG-IP APM access policy is configured with Portal Access or LTM + APM mode. The web browser does not send the MRHSession cookie with the request for the favorite icon.
This issue is known to affect Google Chrome 25 and Internet Explorer 10, but may also affect other browsers.
Impact
User access may be denied due to user licenses being exhausted.
Symptoms
As a result of this issue, you may encounter the following symptoms:
The system may establish multiple sessions for a single client IP address. The Favorite Icon may not be displayed in the browser.
Resolution
Status
F5 Product Development has assigned ID 406040 to this issue. F5 has confirmed that this issue exists in the products listed in the Applies To box, located in the upper-right corner of this article. For information about releases or hotfixes that resolve this issue, refer to the following table:
Type of Fix Fixes Introduced In Related Articles Release None None Hotfix None None
Workaround
To work around this issue, you can add an iRule to check for a favicon.ico request. To do so, perform the following procedure: Impact of workaround: Workaround works only with websites that use the favicon. file. The workaround does not work if the icon is defined by a different name.
1. Log in to the Configuration utility. 2. Navigate to Local Traffic > iRules > Create. 3. In the Name box, type a name for the iRule.
For example:
favicon
4. In the Definition box, type the following text:
when HTTP_REQUEST { if { [string tolower [HTTP::path]] ends_with "favicon.ico" and [HTTP::cookie "MRHSession"] eq "" } { ACCESS::disable }}
5. Click Finished. 6. Click Virtual Servers. 7. Click the name of the virtual server that is affected by this issue. 8. Click the Resources tab. 9. In the iRules section, click Manage. 10. From the Available column, select the iRule you previously created. 11. Click the << button.
The iRule moves to the Enabled column.
12. Click Finished.
Supplemental Information
K4918: Overview of the F5 critical issue hotfix policy
Applies to:
Product: BIG-IP, BIG-IP APM, BIG-IP Edge Gateway 12.1.1, 12.1.0, 12.0.0, 11.6.1, 11.6.0, 11.5.4, 11.5.3, 11.5.2, 11.5.1, 11.5.0, 11.4.1, 11.4.0, 11.3.0