On Wed, Apr 10, 2013 at 11:59:27AM +1000, Duncan Hall wrote: > Willy, > > Thanks for your reply, it is appreciated. I have this working behind an > old F5 at the moment with an iRule to try and recreate the users > jsession cookie, it works but is a bit of a mess. I think I can > replicate the way that works in HAproxy but I was hoping that there may > be some magic feature! Eventually I will get the sites rebuilt to use > backend session persistence and this will all become very simple.
There are always possibilities. What is important is to always find something which is kept between two clicks. Usually it's a cookie. Sometimes it's an SSL ID. Some people consider that the IP address is OK, others will use the matching between the Location header and a URL param, etc... However if you want to rebuild a cookie, you must absolutely be sure not to deliver it to the wrong user !!! When you work with cross-domain, I strongly suggest that location+url are used, because they're basically the only thing that a browser will accept to transmit between two domains, and that are safe. Regards, Willy
