Last Modified: Jul 12, 2023
Affected Product(s):
BIG-IP ASM
Known Affected Versions:
14.0.0, 14.0.0.1, 14.0.0.2, 14.0.0.3, 14.0.0.4, 14.0.0.5, 14.0.1, 14.0.1.1
Fixed In:
14.1.0
Opened: May 30, 2018 Severity: 4-Minor
A reported session ID is not maintained for the same user session.
The TS cookie is not created since there is no cookie-enforcing feature that is turned on (such as session tracking). Although this is correct behavior, it might result in confusion when there is a different, random session ID on each request.
-- Simple, feature-less policy (i.e., policy contains only attack signatures). -- There are no cookies coming in from the server.
Turn on a cookie-related feature (such as session tracking).
session_id is no longer shown in request log when TS cookie does not exist. This prevents any potential confusion when viewing the logs in this situation.