AltostratusPlease refer to the documentation here for your specific questions: https://support.f5.com/kb/en-us/products/big-ip_asm/manuals/product/asm-implementations-11-4-0/26.html
Here is some additional information regarding how the cookies are generated.
There are two types of ASM cookies: A. The Main cookie Validates the domain cookies Detect session expiration Validates rest of ASM cookies (frame cookies) B. The Frame cookie (which can be a flow frame cookie or extraction frame cookie.)
ASM Cookie Name: TSxxxxxx -> The x are the first 6 hex digits of the web application name crc64 except i. If the TS cookie is a path TS cookie he cookie name will be modified to include the path cookie crc into it. ii. If the TS cookie has a domain attributethe cookie name will be calculated from the host crc. iii. If subdomain is defined in the policy, the TS cookie will be added the domain attribute and the cookie name will be calculated along with the relevant host domain
Main ASM Cookie Structure:
i) Signature - MD5 hashing of the rest of the cookie. ii) Message Key - a random sequence of bytes used to connect the main cookie with the other ASM cookies on the request. iii) Time Stamp - indicates the time when the cookie was created. Used in order to verify the cookies are not too old. By using the message key, frame cookie's age can be verified as well. iv) Cookies Name/Value CRC pairs - for each set cookie commands ASM sees in the response, a pair of two 8 bytes CRCs is created: one for the name and one for the value. Those pairs are concatenated at the end of the cookie.
cookie_digest_key Internal parameter:
This parameter is used as a key in the cookie digest calculations. This parameter can contain up to 32 chars. Changing this parameter will change the digest result - this may be used to change resulting values between different ASM installations.
Note - if one changes this internal parameter a request that comes in with TS cookies that were built using the old digest will get MODIFIED ASM COOKIE violation.
