Cookie Violation - Expired TimeStamp.

Cookie Violation - Expired TimeStamp violation happens if a user goes away for over 10 minutes and then issues a fresh request. . ASM TS cookie set in response contains the encrypted & digitally signed timestamp of the last sent response which is compared by ASM with the current time on the next request. If TS cookie is "too old" (more than 600 seconds/10 minutes) an Expired Timestamp violation will be generated - this prevents session replay attacks (hackers using stolen HTTP requests of a user and then trying to replay them hoping to hijack the user session).

If the application you are protecting with ASM allows idle timeout for users for more than 10 minutes you will need to adjust the expiration period of the cookie.

The expiration period can be controlled by cookie_expiration_time_out parameter in the ASM Advanced config menu (Security ›› Options : Application Security : Advanced Configuration : System Variables) and it is 600 seconds (10 minutes) by default. So if your application's idle timeout is 15 minutes (very popular timeout these days with online banking and other financial websites) you need to change the setting to 900 seconds.

If your application does not have a timeout and allows users to stay logged in for a very long time and you want to keep that behaviour you will need to disable this violation as it is not suitable for your application.

Hope this helps,

Sam