Bug ID 658462: Portal Access: tmm may crash if web application uses long cookie names and/or values

Last Modified: Oct 06, 2020

Bug Tracker

Affected Product:  See more info
BIG-IP APM(all modules)

Known Affected Versions:
13.0.0, 13.0.0 HF1, 13.0.0 HF2, 13.0.0 HF3

Fixed In:
13.1.0, 13.0.1

Opened: Apr 13, 2017
Severity: 2-Critical
Related AskF5 Article:


If JavaScript code sets a very long cookie value or uses very long cookie name (longer than 450 bytes), tmm may crash processing this cookie change.


tmm crashes. Traffic disrupted while tmm restarts. System failover.


This issue occurs when all of the following conditions are met: -- Your BIG-IP APM system is configured with a portal access profile. -- A user establishes a portal access session using a Google Chrome or Microsoft Edge browser. -- Content processed by the portal access includes a JavaScript-generated HTTP cookie in which the cookie name or cookie value exceed 450 bytes.


Use an iRule to remove 'Origin' header from any request to '/private/fm/volatile.html'. Note: This iRule has to enable events for internal requests using 'ACCESS::restrict_irule_events enable' command.

Fix Information

TMM no longer crashes when an APM Portal Access web application uses long cookie values and/or names.

Behavior Change