Cookie with HTTP to HTTPS connections and the need of OneConnect
Hello,
We need to preserve COOKIE styckyness once the client is switching from HTTP to HTTPS and viceversa using the same VIPS (only the ports 443-80 are different of course) and the Nodes IPs behind as well.
BIGIP stanadrd cookie is based on IP address and port (i.e. pool member), so it cannot be used to stick to the same node. Instead, we can use this iRule to generate a UIE COOKIE based only on the node IP: https://devcentral.f5.com/wiki/iRules.HttpToHTTPsCookiePersistence.ashx
But this is still not working!! even when we browse at HTTP level without switching to HTTPS. In the sniffer traces taken on the LTM i clearly see that the client always sends the "bIPs" COOKIE generated by the LTM, so it should stick to the same sever behind, right?
So finally we were suggested to enabled OneConnect to both HTTP/HTTPS VIPs due to the fact that Persistence is not working sometime when HTTP Keepalive is active.
https://support.f5.com/kb/en-us/solutions/public/7000/900/sol7964.html
I am not clear why do we need OneConnect. Why LTM does not persist in case HTTP keepalive is enabled? We cannot use OneConnect as we had some issues with the application, so we are stuck..