Last Modified: Oct 06, 2020
See more info
Known Affected Versions:
14.0.0, 22.214.171.124, 126.96.36.199, 188.8.131.52, 184.108.40.206, 220.127.116.11, 14.0.1, 18.104.22.168
Opened: May 30, 2018
A reported session ID is not maintained for the same user session.
The TS cookie is not created since there is no cookie-enforcing feature that is turned on (such as session tracking). Although this is correct behavior, it might result in confusion when there is a different, random session ID on each request.
-- Simple, feature-less policy (i.e., policy contains only attack signatures). -- There are no cookies coming in from the server.
Turn on a cookie-related feature (such as session tracking).
session_id is no longer shown in request log when TS cookie does not exist. This prevents any potential confusion when viewing the logs in this situation.