What does session_id = 0 means in ASM session tracking?

Question

We have an ASM policy with session tracking enabled and working fine and we noticed that several ASM logs hace a session_id equals to 0. We suspected some botnet source but we don't know what it's the meaning of that zero value. How is usually got a value this parameter and why is set to zero in those cases?

jmtaylor · Answer

José_Ramón_Rodr&nbsp;
&nbsp;
I found this information for your question&nbsp;

Requests with session_id = 0 are typically:

The initial request from a client before ASM sets its session cookie.
Requests from clients/bots that do not accept cookies or do not process JavaScript (such as some automated bots, scrapers, or privacy-focused browsers).
Requests where cookies have been cleared or blocked by the client.

ASM will only start assigning a non-zero session_id after the client has accepted the ASM cookie and/or completed the JavaScript challenge for device ID.

Forum Discussion

What does session_id = 0 means in ASM session tracking?

1 Reply

F5 Academy at AppWorld 2026

Introducing the F5 AI Assistant for BIG-IP

Recent Discussions

Connection Rest f5

Kubernetes cert-manager + LetsEncrypt + F5

The GSLB pool is providing an incorrect IP to end users

Unable to ping from some self ip on Velos

Not seeing the latest F5OS-A when running Journeys

Related Content

F5 XC Session tracking and logging with User Identification Policy

Tracks, Hacks, and Time to Relax

MCP Session Affinity With F5 NGINX Plus

The BIG-IP Application Security Manager Part 9: Username and Session Awareness Tracking

Link Tracking

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS