Manual Chapter :
Session variables reference
Applies To:
Show Versions
BIG-IP APM
- 15.1.8, 15.1.7, 15.1.6, 15.1.5, 15.1.4, 15.1.3, 15.1.2, 15.1.1, 15.1.0
Session variables reference
This table lists session variables and related reference information. Note that the
$name
syntax is the agent name, and the BIG-IP system generates the name automatically.Session variables for
access policy action items
Action Item | Session Variable | Type | Description |
|---|---|---|---|
Denied Ending | session.policy.result
| string | Access policy result: the access policy ended
at Deny. The value is access_denied . |
Redirect Ending | session.policy.result
| string | Access policy result: the access policy ended
at Redirect. The value is redirect . |
session.policy.result.redirect.url
| string | URL specified in the redirect, for example,
http://www.siterequest.com . | |
Allowed Ending | session.policy.result
| string | Access policy result: the access policy ended
at Allow. The value is allowed . |
session.policy.result.webtop
.network_access.autolaunch
| string | Name of the resource that is automatically
started for a network access webtop. | |
session.policy.result.webtop.type
| string | Type of webtop resource: network_access or
web_application . | |
Session management | session.ui.mode
| enum | UI mode, as determined by HTTP headers. UI
mode reflects the protocol that the client used to communicate with the
server during APM session establishment and access policy execution. UI
mode does not directly map to client type ( session.client.type ). For example, when BIG-IP Edge
Client uses a web browser component to establish a session, the
session.ui.mode is
set to 0 (Full Browser). Values:
|
session.ui.lang
| string | Language in use in the session, for example
"en"
(English). | |
session.ui.charset
| string | Character set used in the session. | |
session.client.type
| enum | Client type as determined by HTTP headers:
portalclient or "Standalone" (Edge Client). | |
session.client.version
| string | ||
session.client.jailbreak
| bool | Mobile device is jailbroken/rooted:
| |
session.client.js
| bool | Client is capable of executing JavaScript:
| |
session.client.activex
| bool | Client is capable of running ActiveX
Controls:
| |
session.client.plugin
| bool | ||
session.client.platform
| string | Client platform as determined by HTTP headers:
| |
session.user.access_mode
| string | Enables direct access to a Citrix resource
from the webtop. Example: local . | |
Active Directory action | session.ad.$name.queryresult
| bool | 0 or 1.
|
session.ad.$name.authresult
| bool | 0 or 1.
| |
session.ad.$name.attr.$attr_name
| string | Users attributes retrieved during Active
Directory query. Each attribute is converted to a separate session
variable. | |
session.ad.$name.attr.group.$attr_name
| string | User's group attributes retrieved during
Active Directory query. Each group attribute is converted to a separate
session variable. | |
Advanced Resource Assign | session.assigned.bwc.dynamic
| string | Name of the assigned dynamic bandwidth control
policy. |
session.assigned.bwc.static
| string | Name of the assigned static bandwidth control
policy. | |
Client certificate authentication | session.ssl.cert.x509extension
| string | X509 extensions. |
session.ssl.cert.valid
| string | Certificate result: OK or error
string. | |
session.ssl.cert.exist
| integer | 0 or 1.
| |
session.ssl.cert.version
| string | Certificate version | |
session.ssl.cert.subject
| string | Certificate subject field | |
session.ssl.cert.serial
| string | Certificate serial number | |
session.ssl.cert.end
| string | Validity end date | |
session.ssl.cert.start
| string | Validity start date | |
session.ssl.cert.issuer
| string | Certificate issuer | |
session.ssl.cert.whole
| string | The whole certificate | |
Decision box | session.decision_box.last.result
| integer | 0 or 1.
|
Encryption of client hard disk | session.check_software.last.hd.item_1.state
Currently, there is no session variable
available to represent the status of the System Drive Encrypted
state. | bool | 0 or 1.
|
session.check_software.last.hd.state
| bool | Unused session variable; always shows the
value 0 . | |
File check | session.windows_check_file.$name.item_0.exist
| string | True - if all
files exist on the client. |
session.windows_check_file.$name.item_0.result
| integer | Set when files on the client meet the
configured attributes. | |
session.windows_check_file.$name.item_0.md5
| string | MD5 value of a checked file. | |
session.windows_check_file.$name.item_0.version
| string | Version of a checked file. | |
session.windows_check_file.$name.item_0.size
| integer | File size, in bytes. | |
session.windows_check_file.$name.item_0.modified
| Date the file was modified in UTC
form. | ||
session.windows_check_file.$name.item_0.signer
| File signer information. | ||
LDAP action | session.ldap.$name.authresult
| bool | 0 or 1.
|
session.ldap.$name.attr.$attr_name
| string | Users attributes retrieved during LDAP query.
Each attribute is converted to a separate session variable. | |
session.ldap.$name.queryresult
| bool | 0 or 1.
| |
Logon Page (CAPTCHA challenge) | session.logon.captcha.tracking
| unsigned integer | A bitmask used when CAPTCHA is enabled.
Should not be used by external modules because
it is intended for very specific purposes. |
Machine Cert Auth | session.check_machinecert.last.result
| integer | 0, 1, 2, or -2.
The Machine Cert Auth action is not supported
on Linux. |
OTP Generate | session.otp.assigned.val
| string | Generated one-time password value to send to
the end user. Example message: One-Time Passcode: %{session.otp.assigned.val}
|
session.otp.assigned.expire
| string | Internally used timestamp; OTP expiration in
seconds since this date and time: ( 00:00:00 UTC, January 1,
1970 ) | |
session.otp.assigned.ttl
| string | OTP time-to-live; configurable as OTP timeout
in seconds. Example message: OTP
expires after use or in %{session.otp.assigned.ttl} seconds
| |
OTP Verify | session.otp.verify.last.authresult
| bool | 0 or 1.
|
RADIUS action | session.radius.$name.authresult
| bool | 0 or 1.
|
session.radius.$name.attr.$attr_name
| string | User attributes retrieved during RADIUS
authentication. Each attribute is converted to a separate session
variable. | |
Resource allocation | session.assigned.resources.at
| string | Space-delimited list of names of assigned App
tunnel resources. |
session.assigned.resources.na
| string | Space-delimited list of names of assigned
Network Access resources. | |
session.assigned.resources.pa
| string | Space-delimited list of names of assigned
Portal Access resources. | |
session.assigned.resources.rd
| string | Space-delimited list of names of assigned
remote desktop resources. | |
session.assigned.resources.saml
| string | Space-delimited list of names of assigned SAML
resources. | |
session.assigned.webtop
| string | Name of the assigned webtop. | |
Windows Info | session.windows_info_os.$name.ie_version
| string | Stores the Internet Explorer version |
session.windows_info_os.$name.ie_updates
| string | List of installed SP and KB fixes for Internet
Explorer. For example: "¦SP2¦KB12345¦KB54321¦" | |
session.windows_info_os.$name.platform
| string | Platform.
| |
session.windows_info_os.$name.updates
| string | List of installed SP and KB fixes for Windows.
For example, "¦SP2¦KB12345¦KB54321¦"
| |
session.windows_info_os.$name.user
| string | List of current Windows user names | |
session.windows_info_os.$name.computer
| string | List of computer names | |
Windows Process | session.windows_check_process.$name.result
| integer | 0, 1, or -1.
|
Windows Registry | session.windows_check_registrys.$name.result
| integer | 0, 1, or -1.
|
