Suppress MFA for a period of time

I was able to get this fixed with the help of a colleague. No matter what we tried in the response it always worked for the first person but no one after. We took the when HTTP_RESPONSE out completely and added a when ACCESS_POLICY_COMPLETES.

when ACCESS_POLICY_COMPLETED {
 
    if { [ACCESS::session data get session.custom.suppressmfa.setauthtable] == 1 }{
    	set sessionauth [ACCESS::session data get session.custom.suppressmfa.setauthtable]
			if {$static::AMIADEV_Cookie_debug } {log local0. "AMIA set auth table is $sessionauth"}
		table set tab_amia:[IP::client_addr] Authed $static::suppress_mfa(seconds)
		set taba [table lookup tab_amia:[IP::client_addr]]
			if {$static::AMIADEV_Cookie_debug } {log local0. "$taba"}
        HTTP::cookie insert name $static::suppress_mfa(cookie) value $static::suppress_mfa(value) path "/"
            if {$static::AMIADEV_Cookie_debug } {log local0. "cookie $static::suppress_mfa(cookie) set for $static::suppress_mfa(seconds)"}
        HTTP::cookie expires $static::suppress_mfa(cookie) $static::suppress_mfa(seconds) relative
            if {$static::AMIADEV_Cookie_debug } {log local0. "cookie expires in $static::suppress_mfa(seconds)"}
        HTTP::cookie secure $static::suppress_mfa(cookie) enable
        HTTP::cookie httponly $static::suppress_mfa(cookie) enable
        HTTP::cookie encrypt $static::suppress_mfa(cookie) $static::suppress_mfa(passphrase)
        ACCESS::respond 302 noserver "Location" [ACCESS::session data get session.policy.result.start_uri] "Cache-Control" "no-cache, must-revalidate" Set-Cookie "$static::suppress_mfa(cookie)=[HTTP::cookie $static::suppress_mfa(cookie)];path=/;secure;httponly;Max-age=$static::suppress_mfa(seconds)"
            if {$static::AMIADEV_Cookie_debug } {log local0. "policy completed"}
        foreach aHeader [HTTP::header names] {
			if {$static::AMIADEV_Cookie_debug } {log local0. "$aHeader: [HTTP::header value $aHeader]"}}
        unset sessionauth
		unset taba
        }
 }