This is a tricky one as maybe the user is comming from a jump host or there is a proxy device before the F5 that does something. Also if just one browser has the issue is interesting as if you have AD an the user is internal there could be some rules that the AD enforces on the browser (also the users shouldn't be using incognito mode 🙂 )
Maybe see the links below as the ASM cookie is generated for every domain and path and maybe something happens on the browser that does not send the cookie. Also if it was API traffic/Bot traffic they normally do not support cookies.
https://support.f5.com/csp/article/K72137013
https://support.f5.com/csp/article/K54905165
https://support.f5.com/csp/article/K5907
Other thing is if you maybe enabled some flags:
https://support.f5.com/csp/article/K13787