At this time, SonicWall is not aware of any situation where a currently valid session token is written to log files outside of very specific debug configurations, which are being eliminated as a precaution to prevent any potential misuse.
As such, SonicWall customers using IPSEC VPN clients (e.g., Global VPN Client) or SSL-VPN clients (e.g., Connect Tunnel, NetExtender, Mobile Connect) in their default non-debug mode are not affected.
It should be noted that storage of the session cookie within VPN client process memory, during an active session, is not considered unwarranted exposure. By design, values within the session cookie are required to maintain session operation if re-establishment is required due to network interruption. In such a scenario, all session material stored by the clients are destroyed once the session is terminated.