Manual Chapter : Session variables reference

Applies To:

Show Versions Show Versions

BIG-IP APM

  • 15.0.1, 15.0.0
Manual Chapter

Session variables reference

This table lists session variables and related reference information. Note that the
$name
syntax is the agent name, and the BIG-IP system generates the name automatically.

Session variables for access policy action items

Action Item
Session Variable
Type
Description
Denied Ending
session.policy.result
string
Access policy result: the access policy ended at Deny. The value is
access_denied
.
Redirect Ending
session.policy.result
string
Access policy result: the access policy ended at Redirect. The value is
redirect
.
session.policy.result.redirect.url
string
URL specified in the redirect, for example,
http://www.siterequest.com
.
Allowed Ending
session.policy.result
string
Access policy result: the access policy ended at Allow. The value is
allowed
.
session.policy.result.webtop
.network_access.autolaunch
string
Name of the resource that is automatically started for a network access webtop.
session.policy.result.webtop.type
string
Type of webtop resource:
network_access
or
web_application
.
Session management
session.ui.mode
enum
UI mode, as determined by HTTP headers. UI mode reflects the protocol that the client used to communicate with the server during APM session establishment and access policy execution. UI mode does not directly map to client type (
session.client.type
). For example, when BIG-IP Edge Client uses a web browser component to establish a session, the
session.ui.mode
is set to 0 (Full Browser). Values:
  • 0 - Full Browser
  • 6 - Pocket PC (browser)
  • 7 - Standalone Client (clientless mode, no support for endpoint inspection; not Edge Client)
  • 8 - ActiveSync Client
  • 9 - Mobile Browser (smart phone)
  • 10 - Citrix Receiver
session.ui.lang
string
Language in use in the session, for example
"en"
(English).
session.ui.charset
string
Character set used in the session.
session.client.type
enum
Client type as determined by HTTP headers: portalclient or "Standalone" (Edge Client).
session.client.version
string
session.client.jailbreak
bool
Mobile device is jailbroken/rooted:
  • 0
    - No
  • 1
    - Yes
session.client.js
bool
Client is capable of executing JavaScript:
  • 0
    - No
  • 1 - Yes
session.client.activex
bool
Client is capable of running ActiveX Controls:
  • 0
    - No
  • 1
    - Yes
session.client.plugin
bool
session.client.platform
string
Client platform as determined by HTTP headers:
  • "Android"
  • "ChromeOS"
  • "iOS"
  • "Linux"
    "
  • "MacOS"
  • "Win10"
  • "Win2k"
  • "Win2k"
  • "Win7"
  • "Win8.1"
  • "Win8"
  • "WindowsPhone"
  • "WinLH"
  • "WinNT"
  • "WinVI"
    "
  • "WinXP"
session.user.access_mode
string
Enables direct access to a Citrix resource from the webtop. Example:
local
.
Active Directory action
session.ad.$name.queryresult
bool
0 or 1.
  • 0
    - Active Directory query failed
  • 1
    - Active Directory query passed
session.ad.$name.authresult
bool
0 or 1.
  • 0
    - Active Directory authentication failed
  • 1
    - Active Directory authentication passed
session.ad.$name.attr.$attr_name
string
Users attributes retrieved during Active Directory query. Each attribute is converted to a separate session variable.
session.ad.$name.attr.group.$attr_name
string
User's group attributes retrieved during Active Directory query. Each group attribute is converted to a separate session variable.
Advanced Resource Assign
session.assigned.bwc.dynamic
string
Name of the assigned dynamic bandwidth control policy.
session.assigned.bwc.static
string
Name of the assigned static bandwidth control policy.
Client certificate authentication
session.ssl.cert.x509extension
string
X509 extensions.
session.ssl.cert.valid
string
Certificate result:
OK
or error string.
session.ssl.cert.exist
integer
0 or 1.
  • 0
    - Certificate does not exist
  • 1
    - Certificate exists
session.ssl.cert.version
string
Certificate version
session.ssl.cert.subject
string
Certificate subject field
session.ssl.cert.serial
string
Certificate serial number
session.ssl.cert.end
string
Validity end date
session.ssl.cert.start
string
Validity start date
session.ssl.cert.issuer
string
Certificate issuer
session.ssl.cert.whole
string
The whole certificate
Decision box
session.decision_box.last.result
integer
0 or 1.
  • 0
    - User chooses option 2 on the decision page, which corresponds to the fallback rule branch in the action.
  • 1
    -User chooses option 1 on the decision page
Encryption of client hard disk
session.check_software.last.hd.item_1.state
Currently, there is no session variable available to represent the status of the System Drive Encrypted state.
bool
0 or 1.
  • 0
    - Not all drive encrypted.
  • 1
    - All drive encrypted.
session.check_software.last.hd.state
bool
Unused session variable; always shows the value
0
.
File check
session.windows_check_file.$name.item_0.exist
string
True
- if all files exist on the client.
session.windows_check_file.$name.item_0.result
integer
Set when files on the client meet the configured attributes.
session.windows_check_file.$name.item_0.md5
string
MD5 value of a checked file.
session.windows_check_file.$name.item_0.version
string
Version of a checked file.
session.windows_check_file.$name.item_0.size
integer
File size, in bytes.
session.windows_check_file.$name.item_0.modified
Date the file was modified in UTC form.
session.windows_check_file.$name.item_0.signer
File signer information.
LDAP action
session.ldap.$name.authresult
bool
0 or 1.
  • 0
    - LDAP authentication failed
  • 1
    - LDAP authentication passed
session.ldap.$name.attr.$attr_name
string
Users attributes retrieved during LDAP query. Each attribute is converted to a separate session variable.
session.ldap.$name.queryresult
bool
0 or 1.
  • 0
    - LDAP query failed
  • 1
    - LDAP query passed
Logon Page (CAPTCHA challenge)
session.logon.captcha.tracking
unsigned integer
A bitmask used when CAPTCHA is enabled.
  • Bit in 0 position
    - Track successful and unsuccessful logon attempts by IP address
  • Bit in 1 position
    - - Track successful and unsuccessful logon attempts by user name
Should not be used by external modules because it is intended for very specific purposes.
Machine Cert Auth
session.check_machinecert.last.result
integer
0, 1, 2, or -2.
  • 0
    - Neither certificate nor private key found.
  • 1
    - Both certificate and private key found.
  • 2
    - Certificate found, but private key not found.
  • -2
    - Various errors, such as:
    Nothing received from client.
    Data received is not in correct format
    .
    Incorrect configuration.
    (For example, CA profile is not configured).
    Linux client is trying to access the agent.
The Machine Cert Auth action is not supported on Linux.
OTP Generate
session.otp.assigned.val
string
Generated one-time password value to send to the end user. Example message:
One-Time Passcode: %{session.otp.assigned.val}
session.otp.assigned.expire
string
Internally used timestamp; OTP expiration in seconds since this date and time: (
00:00:00 UTC, January 1, 1970
)
session.otp.assigned.ttl
string
OTP time-to-live; configurable as OTP timeout in seconds. Example message:
OTP expires after use or in %{session.otp.assigned.ttl} seconds
OTP Verify
session.otp.verify.last.authresult
bool
0 or 1.
  • 0
    - OTP authentication failed
  • 1
    - OTP authentication passed
RADIUS action
session.radius.$name.authresult
bool
0 or 1.
  • 0
    - RADIUS authentication failed
  • 1
    - RADIUS authentication passed
session.radius.$name.attr.$attr_name
string
User attributes retrieved during RADIUS authentication. Each attribute is converted to a separate session variable.
Resource allocation
session.assigned.resources.at
string
Space-delimited list of names of assigned App tunnel resources.
session.assigned.resources.na
string
Space-delimited list of names of assigned Network Access resources.
session.assigned.resources.pa
string
Space-delimited list of names of assigned Portal Access resources.
session.assigned.resources.rd
string
Space-delimited list of names of assigned remote desktop resources.
session.assigned.resources.saml
string
Space-delimited list of names of assigned SAML resources.
session.assigned.webtop
string
Name of the assigned webtop.
Windows Info
session.windows_info_os.$name.ie_version
string
Stores the Internet Explorer version
session.windows_info_os.$name.ie_updates
string
List of installed SP and KB fixes for Internet Explorer. For example: "¦SP2¦KB12345¦KB54321¦"
session.windows_info_os.$name.platform
string
Platform.
  • "Win7"
    - Windows 7
  • "Win8"
    - Windows 8
  • "WinVI"
    - Windows
  • "WinXP"
    - Windows XP
  • "Win2003"
    - Windows 2003 Server
  • "WinLH"
    - Windows 2008
session.windows_info_os.$name.updates
string
List of installed SP and KB fixes for Windows. For example,
"¦SP2¦KB12345¦KB54321¦"
session.windows_info_os.$name.user
string
List of current Windows user names
session.windows_info_os.$name.computer
string
List of computer names
Windows Process
session.windows_check_process.$name.result
integer
0, 1, or -1.
  • 0
    - Failure
  • 1
    - Success
  • -1
    - Invalid check expression
Windows Registry
session.windows_check_registrys.$name.result
integer
0, 1, or -1.
  • 0
    - Failure
  • 1
    - Success
  • -1
    - Invalid check expression