According to both SOL6850 and SOL7354, BIG-IP ASM creates 2 types of cookies, the main ASM cookie (TSXXXXXX) and the ASM Frame cookie (TSXXXXXX_d), each serving different functions.
In fact, in practical reality I found that what was described in these SOL texts differs from what I observed: apart from the fact that ASM creates multiple cookies within a session, sometimes up to 6 or more cookies, the names of these cookies are also different from the TS names shown above. I have never actually seen a Frame cookie with the _d stated; all cookies observed were in the form TSXXXXXX. Sometimes the names would be different whilst the value remained the same; I can't understand the purpose of that.
I have not been able to get a more comprehensive or white-paper-type document that explains the internals and setting of ASM cookies; it's a black box.
Furthermore, I run the ASM in a simple rapid negative security mode, nothing exotic there. I have spoken to support and they haven't been able to shed more light on our findings.
The problem we have with ASM producing multiple cookies is that it limits our desire to cater for all currently used browsers.
According to RFC 2109, all browsers *must* support a minimum of 20 cookies per domain name; the problem is that IE6, which is still widely used, has taken that number to mean minimum & maximum. Firefox allows 50 cookies. Safari 1000. Opera 50.
Unfortunately IE6 did ignore this clear standard; it would only support a total of 20 cookies and our app already uses close to 20. The fact that ASM now produces multiple cookies means we'll be decreasing the IE6 user experience ⇒ older cookies get discarded to make space for newer ones during the same session.
I have already suggested to support creating a single algorithm within ASM that makes sure that only one ASM cookie ever gets created to protect other cookies; see, cookies are very expensive to us, in fact cookies are bread & butter.
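
Added example, not part of the original post and not F5 code: a small Python check that takes the Set-Cookie headers observed during one session and reports how many distinct cookies the domain accumulates against the 20-cookie figure quoted above, and which ASM cookies carry the same value under different names. The TS name pattern (hex digits after "TS") and the sample headers are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# Assumption: ASM cookie names look like "TS" + hex digits, optionally "_d".
ASM_NAME = re.compile(r"^TS[0-9a-f]{6,}(_d)?$", re.IGNORECASE)

def cookie_budget(set_cookie_headers, limit=20):
    """Count distinct cookie names set during one session against a
    per-domain cap (20 is the IE6 figure quoted in the post)."""
    asm, app = {}, {}
    for header in set_cookie_headers:
        pair = header.split(";", 1)[0]          # drop Path, HttpOnly, ...
        name, sep, value = pair.partition("=")
        name = name.strip()
        if not sep or not name:
            continue                             # malformed header, skip it
        (asm if ASM_NAME.match(name) else app)[name] = value.strip()
    # Group ASM cookie names that carry an identical value.
    by_value = defaultdict(list)
    for name, value in asm.items():
        by_value[value].append(name)
    shared = sorted(sorted(names) for names in by_value.values() if len(names) > 1)
    total = len(asm) + len(app)
    return {
        "app": len(app),
        "asm": len(asm),
        "total": total,
        "over_limit": max(0, total - limit),     # cookies beyond the cap
        "asm_same_value": shared,
    }

# Constructed sample session: 18 application cookies plus 4 ASM cookies.
SAMPLE = [f"app{i}=v{i}; Path=/" for i in range(18)] + [
    "TS01a2b3c4=0123abcd; Path=/",
    "TS01d5e6f7=0123abcd; Path=/",               # different name, same value
    "TS01a2b3c4_d=89ef; Path=/",
    "TS0199aabb=4567cdef; Path=/; HttpOnly",
]

if __name__ == "__main__":
    print(cookie_budget(SAMPLE))
```

Feeding it the Set-Cookie lines from a proxy or browser capture of a real session shows how much of the per-domain budget ASM is consuming before an IE6 client starts dropping application cookies.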