Uploaded image for project: 'OpenAM'
  1. OpenAM
  2. OPENAM-13945

User Profile page, sessions getSessionInfo does not advance maxIdleExpirationTime



    • Bug
    • Status: Resolved
    • Major
    • Resolution: Not a defect
    • 6.5.0, 5.5.3
    • None
    • None
    • Rank:
    • 0
    • No
    • None


      Bug description

      For a user logged into AM and left idle on User Profile page, XUI calls to sessions?_action=getSessionInfo do not advance the maxidleExpirationTime, so session expires after maxIdleExpirationTime.  This is different to behaviour seen in 5.5.1.

      How to reproduce the issue

      1. I deployed AM 5.5.1, set the Configuration -> Global Services -> Session -> Dynamic Attributes max idle time to 5 mins and max session time to 15 mins.
      2. I logged in as user demo, top level realm. Opened network tab of browser developer tools.
      3. Left the user idle on the user profile page.  After 4mins 59 secs, there is a POST to /json/session?_action=getSessionInfo that gives a 200 response with json.  In the json, the maxIdleExpirationTime has been advanced for another 5 mins. 
      4. This continues for each 5 mins idle interval until the session expiry (15 mins) is reached (subsequent call to getSessionInfo results in 401) and then the Session expired page is displayed.
      5. In 5.5.3 snapshot (sustaining/5.5.x build) and latest 6.5.0 master, the same testing results in the POST to getSessionInfo after 4mins 59 secs, but the json response does not advance the maxIdleSessionTime.  As a result, the subsequent call made by the AM client side code to the same endpoint (after the expiry of the maxIdleExpirationTime) results in 401 and the Session Expired page is displayed.
      Expected behaviour
      XUI and getSessionInfo calls refresh the maxIdleExpirationTime so that the session can remain on the user profile page for up to session Expiry time.  This behaviour is consistent with that seen in 5.5.1.
      Current behaviour
      The maxIdleExpirationTime is not refreshed to expire in another idle time mins time, so the session expires and the session expired page is shown.

      Work around

      None known


        Issue Links



              jonthomas Jonathan Thomas
              lawrence.yarham Lawrence Yarham
              0 Vote for this issue
              8 Start watching this issue