Uploaded image for project: 'OpenAM'
  1. OpenAM
  2. OPENAM-13945

User Profile page, sessions getSessionInfo does not advance maxIdleExpirationTime

    XMLWordPrintable

Details

    • Bug
    • Status: Resolved
    • Major
    • Resolution: Not a defect
    • 6.5.0, 5.5.3
    • None
    • None
    • Rank:
      1|hzx42n:
    • 0
    • No
    • None

    Description

      Bug description

      For a user logged into AM and left idle on User Profile page, XUI calls to sessions?_action=getSessionInfo do not advance the maxidleExpirationTime, so session expires after maxIdleExpirationTime.  This is different to behaviour seen in 5.5.1.

      How to reproduce the issue

      1. I deployed AM 5.5.1, set the Configuration -> Global Services -> Session -> Dynamic Attributes max idle time to 5 mins and max session time to 15 mins.
      2. I logged in as user demo, top level realm. Opened network tab of browser developer tools.
      3. Left the user idle on the user profile page.  After 4mins 59 secs, there is a POST to /json/session?_action=getSessionInfo that gives a 200 response with json.  In the json, the maxIdleExpirationTime has been advanced for another 5 mins. 
      4. This continues for each 5 mins idle interval until the session expiry (15 mins) is reached (subsequent call to getSessionInfo results in 401) and then the Session expired page is displayed.
      5. In 5.5.3 snapshot (sustaining/5.5.x build) and latest 6.5.0 master, the same testing results in the POST to getSessionInfo after 4mins 59 secs, but the json response does not advance the maxIdleSessionTime.  As a result, the subsequent call made by the AM client side code to the same endpoint (after the expiry of the maxIdleExpirationTime) results in 401 and the Session Expired page is displayed.
      Expected behaviour
      XUI and getSessionInfo calls refresh the maxIdleExpirationTime so that the session can remain on the user profile page for up to session Expiry time.  This behaviour is consistent with that seen in 5.5.1.
      
      Current behaviour
      The maxIdleExpirationTime is not refreshed to expire in another idle time mins time, so the session expires and the session expired page is shown.

      Work around

      None known

      Attachments

        Issue Links

          Activity

            People

              jonthomas Jonathan Thomas
              lawrence.yarham Lawrence Yarham
              Votes:
              0 Vote for this issue
              Watchers:
              8 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: