So update on this issue, in researching this with support it was thrown out there that the ASM cookie being flagged was from a different ASM. So I have 2 ASMs in my lab 1 v11 and 1 v10 and they sit behind an LTM this way I can easily switch between versions for testing.
With this setup I was able to start with v10 box enabled and the v11 forced offline and I start browsing the site and of course I see an ASM cookie set lets call TS1234, then I stop browsing and force offline the v10 box and enable the v11 box, the next click I make on the site I get blocked by ASM for Modified ASM Cookie and in my trace I see that the TS1234 is being sent and is the reason for the violation.
However if I clear my cookies and close and reopen the browser and start my browsing going through the v11 box, I see an ASM cookie set lets say TS5678, then I stop browsing and force offline the v11 box and enable the v10 box. This time able to browse just fine and I see the TS1234 cookie get set but the TS5678 cookie remains in the traffic flow, but the v10 does seem bothered by it at all.
I have taken some ssldumps and http watches and given them to support this afternoon to review to see why this is happening on v11 but not v10. In my prod environment I have the same setup 2 ASMs behind an LTM but they are both enabled and LBed all the time. Right now they are both 10.2.0 HF2.
I will report more once I know more on what will fix this and why the detection behavior seems to have changed