Last Modified: Nov 07, 2022
See more info
Known Affected Versions:
13.0.0, 13.0.0 HF1, 13.0.0 HF2, 13.0.0 HF3, 13.0.1, 13.1.0, 18.104.22.168, 22.214.171.124, 126.96.36.199, 188.8.131.52, 184.108.40.206, 220.127.116.11, 18.104.22.168
14.1.0, 14.0.0, 22.214.171.124
Opened: Jul 16, 2017
Related AskF5 Article: K60745057
A false positive cookie hijacking violation.
False positive violation / blocking.
-- Several sites are configured on the policy, without subdomain. -- TS cookies are sent with the higher domain level then the configured. -- A single cookie from another host (that belongs to the same policy) arrives and is mistaken as the other site cookie.
Cookie hijacking violation when the device ID feature is turned off is almost never relevant, as it should be able to detect only cases where some of the TS cookies were taken. The suggestion is to turn off this violation.