Bug ID 748999: invalid inactivity timeout suggestion for cookies

Last Modified: Jul 12, 2023

Affected Product(s):
BIG-IP ASM(all modules)

Known Affected Versions:
13.1.0,,,,,,,,, 13.1.1,,, 14.0.0,,,,, 14.1.0,

Fixed In:

Opened: Nov 06, 2018

Severity: 4-Minor


ASM will report "invalid inactivity timeout" suggestions to delete a cookie, even though the cookies are being sent and are valid.


Since non-violating traffic is not sent to the policy engine, the inactivity timeout timer is never reset, which will eventually lead to suggestions to delete the inactive cookie entities. These suggestions are erroneous because valid cookies are being sent in the traffic.


- Inactivity timeout feature is configured in Policy Builder - Cookie entity is configured in the policy - Valid, non-violating traffic containing cookies is passed


Ignore the inactive entity suggestions for cookies

Fix Information

Inactivity learning for cookies has been deprecated, the feature does not cover cookies anymore.

Behavior Change

Guides & references

K10134038: F5 Bug Tracker Filter Names and Tips