Forum Discussion

Nimbostratus

May 11, 2018

Session Tracking in the ASM

I want to implement the session tracking feature in the ASM by setting a session threshold. To determine this threshold I wanted to know how the ASM maintains state information. Is it through the TS ...

Historic F5 Account

May 17, 2018

Yes, ASM maintains state information with the Main ASM Cookie, the TS Cookie, and this is tied to the sessionID you see in the event logs.

I do not believe the sessionID itself is exposed via an irule however (see the page on ASM::violation_data), however, you should simply get this information logged remotely anyway when you use remote logging, without needing to extract it within an iRule.

Have a look at this manual on Logging Application Security Events.

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

GitHub Awesome-F5

Forum Discussion

Session Tracking in the ASM

F5 Academy at AppWorld 2026

Aswin MK - November 2025 Featured Member

Introducing the F5 AI Assistant for BIG-IP

Recent Discussions

CVE mitigation on F5 XC vs classic F5 WAF

F5 XC 503 upstream_reset_before_response_started{protocol_error}

UCS Encryption Question

BIG-IP VE: 40G Throughput from 4x10G physical NICs

JSON Web Key Set Endpoint

Related Content

Tracks, Hacks, and Time to Relax

F5 XC Session tracking and logging with User Identification Policy

MCP Session Affinity With F5 NGINX Plus

The BIG-IP Application Security Manager Part 9: Username and Session Awareness Tracking

Link Tracking

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS