Forum Discussion

33boston_223
Jan 21, 2015

ASM - TS Cookie Has No Value

Hi, just implemented ASM (11.5.1) and immediately started having an issue with the application that it's securing. We are receiving "TS Cookie has no value" violations, resulting in the blocking of the page.

 

What I've read is that these are session cookies, and I have been able to confirm that closing\opening the browser will resolve the issue.

What I don't understand, and where we are having the issue, is upon logging off the application and not reopening the browser. When logging back into the application, ASM is inserting another TS cookie, but this time without a value, hence causing the blocks.

 

Is this expected behavior? If so is there a way around this?

 

Thanks

 

9 Replies

  • I do not think this is normal. The ASM TS cookie is a session cookie so it should remain constant unless the client closes/opens browser. Are you using ASM features like enforced cookies or session/username tracking?

     

  • I utilized the automatic policy builder and have not made any edits to the policy. That being said, I don't believe I'm using those features (unless it is a default).

     

    Here's an example of what I'm seeing with Fiddler. I've shortened the values of the cookies with values but as you can see there are two that have been added without values.

     

    TS017c5d10%5F31=
    TS017c5d10_31=0138fc3bdec1e0
    TS017c5d10=011f6aea4c441edcb
    TS01e020ba=

     

  • This is strange. The fact that the 8 hex characters (017c5d10) are identical in the first 3 cookies means they came from the same security policy. The fourth one is different, which would indicate there is a second security policy involved also. The URL % encoding in the first cookie, %5F, is an underscore character, which means that's the same cookie name as the second cookie listed. The middle 2 cookies are what I would expect to see in a normal ASM response; the other 2...? Sorry, not sure what's going on. It might be time to open a support case with F5.

     

    Read more about ASM cookies here: SOL6850

     

    • gsharri
      Once you figure out the solution please post it here. Thanks!
  • So opened a support case and after multiple tcp dumps and discussions with my dev group it was discovered that the logout\redirect page was setting all cookies with empty values (including the TS cookies). Once the redirect then occurs and the user is sent back to the login page, the violation was triggered due to . We've been able to resolve this easily with a few changes to the logout page.

     

    Thanks for all your assistance!
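An added example, not code from any poster in this thread or from F5: a small audit of a captured Cookie header that applies the two observations made above (names are compared after URL-decoding, and the 8 hex characters group cookies by security policy) and flags TS cookies that arrive empty or more than once, which is what a logout page that blanks every cookie produces. The name pattern is an assumption inferred from the four samples posted here, and the function names are hypothetical.

```python
import re
from collections import defaultdict
from urllib.parse import unquote

# Name shape inferred from the four samples in this thread (an assumption,
# not F5's specification): "TS", 8 hex characters, optional "_<suffix>".
TS_NAME = re.compile(r"^TS([0-9a-fA-F]{8})(?:_(\w+))?$")

def parse_cookie_header(header):
    """Split a Cookie header into (decoded_name, value) pairs, keeping duplicates."""
    pairs = []
    for part in header.split(";"):
        if "=" not in part:
            continue
        name, value = part.strip().split("=", 1)
        pairs.append((unquote(name), value))  # %5F becomes "_"
    return pairs

def audit_ts_cookies(header):
    """Return (policy_id, name, problem) for TS cookies that are empty or repeated."""
    by_name = defaultdict(list)
    for name, value in parse_cookie_header(header):
        if TS_NAME.match(name):
            by_name[name].append(value)
    findings = []
    for name, values in by_name.items():
        policy_id = TS_NAME.match(name).group(1)
        if "" in values:
            findings.append((policy_id, name, "empty value"))
        if len(values) > 1:
            findings.append((policy_id, name, "sent more than once"))
    return findings

def policy_ids(header):
    """Distinct 8-hex prefixes present, one per security policy involved."""
    names = (n for n, _ in parse_cookie_header(header))
    return sorted({m.group(1) for m in map(TS_NAME.match, names) if m})

# Constructed from the shortened values posted in the thread.
SAMPLE = ("TS017c5d10%5F31=; TS017c5d10_31=0138fc3bdec1e0; "
          "TS017c5d10=011f6aea4c441edcb; TS01e020ba=")

if __name__ == "__main__":
    print(policy_ids(SAMPLE))
    for finding in audit_ts_cookies(SAMPLE):
        print(finding)
```

Running it against headers captured on the request that follows the logout redirect shows which cookie names the application has blanked before ASM sees them.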

     

  • Hi,

     

    I have a similar issue; however, I am unable to recreate the issue. I am noticing around 300 alerts per week.

    Any pointers to recreate the issue? I know it's a vague question; any direction would be appreciated.

     

    • 33boston_223
      Hi, I'm not sure I completely understand the question, but in our issue it was specific to a certain page within our app, per the triggered alerts in the ASM. The way we were able to recreate that was by simply accessing the page.
  • Hi,

     

    We are unable to identify the issue page/issue function. This violation is triggered for very little traffic in a day; it is not consistent on all transactions.

    I have opened a ticket with F5 support; let's see if they can help us identify the issue.