Why does "WARNING Session expired or no session" keep appearing on System Log?

Check Your Version:

This article applies to all NetWall versions.

This warning is generated by the UI layer. It indicates that a request was sent to NetWall without a valid authenticated session, or that the existing session had already expired.

This typically occurs when:

  • A user session times out but the browser continues sending background requests.

  • A user attempts to access UI endpoints directly without being authenticated.

  • An external application, script, or automation tool attempts to connect to NetWall without proper authentication.

  • A monitoring tool or API client is calling UI endpoints instead of using the appropriate authenticated API endpoints.

The warning itself does not necessarily indicate a system failure. However, repeated entries may indicate that unauthorized or unauthenticated requests are being sent to the system.

Recommended Checks

  • Review the NetWall logs to identify requests received by the GUI service and correlate the timestamps with the warning messages.

  • Capture a PCAP on the system to determine which IP address is sending the requests. The packet capture will help identify the source host attempting to connect without a valid session.

Support:

If Further Assistance is required, please proceed to log a support case or chatting with our support engineer.