Forum Discussion

Nimbostratus

Mar 04, 2025

What does session_id = 0 means in ASM session tracking?

We have an ASM policy with session tracking enabled and working fine and we noticed that several ASM logs hace a session_id equals to 0. We suspected some botnet source but we don't know what it's th...

Moderator

Nov 21, 2025

José_Ramón_Rodr

I found this information for your question

Requests with session_id = 0 are typically:
- The initial request from a client before ASM sets its session cookie.
- Requests from clients/bots that do not accept cookies or do not process JavaScript (such as some automated bots, scrapers, or privacy-focused browsers).
- Requests where cookies have been cleared or blocked by the client.
ASM will only start assigning a non-zero session_id after the client has accepted the ASM cookie and/or completed the JavaScript challenge for device ID.

Help guide the future of your DevCentral Community!

What tools do you use to collaborate? (1min - anonymous)

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

GitHub Awesome-F5

Forum Discussion

What does session_id = 0 means in ASM session tracking?

F5 Academy at AppWorld 2026

Introducing the F5 AI Assistant for BIG-IP

Recent Discussions

How can I get started with iCall

Connection Rest f5

Kubernetes cert-manager + LetsEncrypt + F5

The GSLB pool is providing an incorrect IP to end users

Unable to ping from some self ip on Velos

Related Content

F5 XC Session tracking and logging with User Identification Policy

Tracks, Hacks, and Time to Relax

MCP Session Affinity With F5 NGINX Plus

The BIG-IP Application Security Manager Part 9: Username and Session Awareness Tracking

Link Tracking

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS