Configuring session persistence per transaction
When FortiWeb maintains session persistence using cookies (Persistent Cookie, Insert Cookie), it tracks or inserts the cookie for the first transaction of a session only. It does not track or insert a cookie in subsequent transactions in the session, even if the transaction does not contain a control cookie.
This method maintains session persistence in most environments. However, it does not work if your environment uses TCP multiplexing, which combines HTTP requests from multiple clients in a single session for load balancing or other purposes.
To avoid this problem, use the following CLI command to configure the cookie-based session persistence feature to track or insert a control cookie for each transaction in a TCP session that does not already have a control cookie:
config server-policy policy
edit <policy_name>
set sessioncookie-enforce enable
You cannot use the web UI to enable this option. For more information, see the
FortiWeb CLI Reference.