session-state inside Post-Auth-Type REJECT

[work vlpl]

Hello, I am using 3.0.17 (git #511dfd77d) version.

Documentation says what session-state attributes are not available
inside Post-Auth-Type REJECT
https://github.com/FreeRADIUS/freeradius-server/blob/v3.0.x/raddb/sites-available/default#L827
, but in debug log I have access to it.

# Executing group from file /usr/local/etc/raddb/sites-enabled/testing-stie
(9)   Post-Auth-Type REJECT {
(9)     policy debug_session {
(9)       if ("%{debug_attr:session-state:}" == '') {
(9)       Attributes matching "session-state:"
(9)         &session-state:User-Name := testing_remote
(9)         EXPAND %{debug_attr:session-state:}
(9)            -->
(9)         if ("%{debug_attr:session-state:}" == '')  -> TRUE
(9)         if ("%{debug_attr:session-state:}" == '')  {
(9)           [noop] = noop
(9)         } # if ("%{debug_attr:session-state:}" == '')  = noop
(9)       } # policy debug_session = noop

Is this expected behavior?

This is eap request, and I set session state inside inner-tunel like this

(7)         update outer.session-state {
(7)           User-Name := &reply:Supplicant-User-Name -> 'testing_remote'
(7)         } # update outer.session-state = noop

--
Vladimir