F5 APM Session Cookies Doesn't Clear after User Inactivity
F5 APM Session Cookie MRHSession doesn't clear from browser if a user is inactive for more than 49 minutes.
We are using a custom iRule to invoke logout uri which will clear APM session cookies (F5_ST, MRHSession) from browser when F5 intercepts the URI that is configured in APM profiles.
This scenario is working fine for the first 48 minutes, if a user tries to access any protected uri while being inactive more than 15 mins and have a MRHSession cookie, then the irule verifies if the user session is expired and calls the logout, which is clearing the cookies on the browser.
This scenario is working for first 48 minutes but from 49th minute, APM is setting a new MRHSession Cookie and in APM console i see a new N/A user to it.
I don't understand this odd behavior on why F5 is validating MRHSession Cookie for the first 48 minutes and why it doesn't do later, does F5 APM have any settings where it cannot create a new session after 49 minutes.