Session Still Viewable in Command Line After Deleting Session ID

Issue

After deleting a session through the "Session Browser" or through the CLI the session is still viewable from the command line interface.

See this image:

This session was deleted from the CLI:

admin@PA-4050> clear session id 113133

session 113133 cleared

This output indicates that the session is still viewable:

admin@PA-4050> show session id 113133

Session          113133

        c2s flow:
                source:      192.168.52.13 [L3-Trust]
                dst:         8.8.8.8
                proto:       17
                sport:       53978           dport:      53
                state:       INIT            type:       FLOW
                src user:    unknown
                dst user:    unknown
                ez fid:      0x0287703f (2, 2, 3, 63)

        s2c flow:
                source:      8.8.8.8 [L3-Untrust]
                dst:         10.46.40.52
                proto:       17
                sport:       53              dport:      63925
                state:       INIT            type:       FLOW
                src user:    unknown
                dst user:    unknown
                ez fid:      0x058ef03f (5, 2, 3, 63)

Cause

When deleting a session through the "Session Browser" or through the CLI, the session ID associated with the session will remain viewable with the same information until it is overwritten by a new session. To confirm the session has been removed from the active session table run the show session all filter destination command. For session ID 113133 the C2S destination IP of 8.8.8.8 can be filtered to verify that the session ID is no longer in the active session table.

admin@PA-4050> show session all filter destination 8.8.8.8

No Active Sessions

For more information on sessions see Palo Alto Networks Firewall Session Overview

owner: jperry1