Last Modified: Nov 07, 2022
See more info
Known Affected Versions:
13.1.0, 188.8.131.52, 184.108.40.206, 220.127.116.11, 18.104.22.168, 22.214.171.124, 126.96.36.199, 188.8.131.52, 184.108.40.206, 13.1.1, 220.127.116.11, 18.104.22.168, 14.0.0, 22.214.171.124, 126.96.36.199, 188.8.131.52, 184.108.40.206, 14.1.0, 220.127.116.11
15.0.0, 18.104.22.168, 22.214.171.124, 126.96.36.199
Opened: Nov 06, 2018
ASM will report "invalid inactivity timeout" suggestions to delete a cookie, even though the cookies are being sent and are valid.
Since non-violating traffic is not sent to the policy engine, the inactivity timeout timer is never reset, which will eventually lead to suggestions to delete the inactive cookie entities. These suggestions are erroneous because valid cookies are being sent in the traffic.
- Inactivity timeout feature is configured in Policy Builder - Cookie entity is configured in the policy - Valid, non-violating traffic containing cookies is passed
Ignore the inactive entity suggestions for cookies
Inactivity learning for cookies has been deprecated, the feature does not cover cookies anymore.