ASM removing cookies????

Question

I wanted to see if anyone out there has ever encountered an instance where ASM would strip a cookie out of a request for whatever reason. We are having a problem with an application where users are being logged out randomly, and it appears we are seeing a missing session cookie in the web server logs. There is no proof pointing towards ASM as the culprit, but since it is a security device that blocks stuff, people tend to look in its direction. So I am just trying to get ahead of the game and see if anyone has seen this behavior? Any help is appreciated.

hoolio · Answer

Hi Mike, 
&nbsp;  
&nbsp; I don't remember every seeing ASM remove a cookie from a request or response.  If it's reproducible, you could capture tcpdumps on LTM of the client and serverside connections to compare.  I don't expect you'd see ASM causing this problem though as ASM typically doesn't modify content. 
&nbsp;  
&nbsp; Aaron

Forum Discussion

ASM removing cookies????

1 Reply

F5 Academy at AppWorld 2026

Introducing the F5 AI Assistant for BIG-IP

Recent Discussions

How can I get started with iCall

Connection Rest f5

Kubernetes cert-manager + LetsEncrypt + F5

The GSLB pool is providing an incorrect IP to end users

Unable to ping from some self ip on Velos

Related Content

Removal Cookies on Client Browser

iRule to set SameSite for compatible clients and remove it for incompatible clients (LTM|ASM|APM)

Remove alerts showing r-series LCD/Dashboard.

Removal of Client Side F5 Persistence Pool Cookie

Cookie-based DDoS protection

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS