Forum Discussion

Nimbostratus

Mar 04, 2025

What does session_id = 0 means in ASM session tracking?

We have an ASM policy with session tracking enabled and working fine and we noticed that several ASM logs hace a session_id equals to 0. We suspected some botnet source but we don't know what it's th...

Moderator

Nov 21, 2025

José_Ramón_Rodr

I found this information for your question

Requests with session_id = 0 are typically:
- The initial request from a client before ASM sets its session cookie.
- Requests from clients/bots that do not accept cookies or do not process JavaScript (such as some automated bots, scrapers, or privacy-focused browsers).
- Requests where cookies have been cleared or blocked by the client.
ASM will only start assigning a non-zero session_id after the client has accepted the ASM cookie and/or completed the JavaScript challenge for device ID.

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

GitHub Awesome-F5

Forum Discussion

What does session_id = 0 means in ASM session tracking?

Jonathan - March 2026 Featured Member

F5 AppWorld 2026 Las Vegas - iRules Contest Winners!

2026 F5 DevCentral MVP Announcement

Recent Discussions

Connection Rate Limit with log output

syslog over tcp and define management IP as source

Managing iRules configuration

Recommendation for Adv. Lab

Unable to Forward APM and AFM Logs to AWS CloudWatch Using Telemetry Streaming

Related Content

F5 Architecture Track Sessions - AppWorld 2026

F5 XC Session tracking and logging with User Identification Policy

Tracks, Hacks, and Time to Relax

MCP Session Affinity With F5 NGINX Plus

LLM Streaming Session Pinning for WebSocket AI Gateways

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS