Forum Discussion

Nimbostratus

May 11, 2018

Session Tracking in the ASM

I want to implement the session tracking feature in the ASM by setting a session threshold. To determine this threshold I wanted to know how the ASM maintains state information. Is it through the TS ...

Historic F5 Account

May 17, 2018

Yes, ASM maintains state information with the Main ASM Cookie, the TS Cookie, and this is tied to the sessionID you see in the event logs.

I do not believe the sessionID itself is exposed via an irule however (see the page on ASM::violation_data), however, you should simply get this information logged remotely anyway when you use remote logging, without needing to extract it within an iRule.

Have a look at this manual on Logging Application Security Events.

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

GitHub Awesome-F5

Forum Discussion

Session Tracking in the ASM

Tyler - May 2026 Featured Member

AppWorld Berlin 2026 – iRules Contest Winning Results

One Quick Step to Make your website AI-Agent/MCP Ready with an iRule

Recent Discussions

F5 Send email and snmp trap from LTM log event

shame on f5

Dynamic import of data groups

ASM allow specific url from outside country of geolocation ON

AWAF Detection Inconsistency Between Similar Test Payloads

Related Content

F5 Architecture Track Sessions - AppWorld 2026

F5 XC Session tracking and logging with User Identification Policy

Tracks, Hacks, and Time to Relax

MCP Session Affinity With F5 NGINX Plus

LLM Streaming Session Pinning for WebSocket AI Gateways

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS