Forum Discussion
hooleylist
Aug 01, 2012Cirrostratus
Hi Nik,
With most web apps, there isn't a legitimate reason for the client modifying the cookie value. I don't think I've ever worked directly with such an app.
The most common reason the cookie changes is that the client makes a request to another app on the same domain not passing through the same ASM policy which modifies the cookie. Another common cause for the violation is that the ASM cookie is set with a different expiry than the app's cookie.
I'd try to reproduce the issue with a browser plugin like HttpFox or an interception proxy like burpsuite on the client. You could also check with your app developers to get more information on what you find.
Aaron