Forum Discussion

abdulmalek's avatar
Icon for Nimbostratus rankNimbostratus
Jan 10, 2022

User's session timeout and concurrent session (Layer 7) using F5 LTM


I hope all is well :)


We want to control the user's session timeout and concurrent session (Layer 7) using F5 LTM; however, after researching the documentation, we couldn't find a way to do so except with APM. can you please advise on how to do so without APM? 


Appreciate your corporation.



Abdulmalek Aldosrri

2 Replies

  • Hi

    I guess user's session timeout value relate to timeout value

    and then concurrent session is using below irule


    when RULE_INIT {

      set static::maxquery 1

      set static::holdtime 600



      set srcip [clientside {IP::local_addr}]

      if { [table lookup -subtable "blacklist" $srcip] != "" } {



        log local0. "abc" 


      set curtime [clock second]

      set key "count:$srcip:$curtime"

      set count [table incr $key]

      table lifetime $key 600

      log local0. $count


      if { $count > $static::maxquery } {

        table add -subtable "blacklist" $srcip "blocked" indef $static::holdtime

        log local0. "excute"

        table delete $key





  • Much appreciated neeeewbie, will test it and let you know! By the way, we have created an irule that removes all browser cookies after a specific time interval to address the timeout issue. it's working fine with us :)


    when HTTP_REQUEST {


      set now [clock seconds]


      if { [HTTP::cookie exists lastrequesttimestamp] } {

        set lastrequesttimestamp [HTTP::cookie value lastrequesttimestamp]

      } else {

        set lastrequesttimestamp $now



      set cookieNames [HTTP::cookie names]




    when HTTP_RESPONSE {


      set threshold [expr {20}]

      set lastRequestPlusThreshold [expr {$threshold + $lastrequesttimestamp}]


       if { $lastRequestPlusThreshold < $now } {

        foreach aCookie $cookieNames {

          HTTP::cookie insert name $aCookie value bb

          HTTP::cookie expires $aCookie 1



       } else {

         HTTP::cookie insert name "lastrequesttimestamp" value $now path "/"

        HTTP::cookie attribute "lastrequesttimestamp" insert "SameSite" "None"

        HTTP::cookie secure "lastrequesttimestamp" enable