Bug ID 722294: Reported session ID keeps changing for the same user session when ASM does not track sessions

Last Modified: Oct 06, 2020

Bug Tracker

Affected Product:  See more info
BIG-IP ASM(all modules)

Known Affected Versions:
14.0.0,,,,,, 14.0.1,

Fixed In:

Opened: May 30, 2018
Severity: 4-Minor


A reported session ID is not maintained for the same user session.


The TS cookie is not created since there is no cookie-enforcing feature that is turned on (such as session tracking). Although this is correct behavior, it might result in confusion when there is a different, random session ID on each request.


-- Simple, feature-less policy (i.e., policy contains only attack signatures). -- There are no cookies coming in from the server.


Turn on a cookie-related feature (such as session tracking).

Fix Information

session_id is no longer shown in request log when TS cookie does not exist. This prevents any potential confusion when viewing the logs in this situation.

Behavior Change