Details
-
Bug
-
Resolution: Fixed
-
Blocker
-
17.4.4, 17.8.0
-
Windows 11 Pro, Edge 140, using an instance of XWiki 17.4.5 on Oracle 19c, Tomcat 11.0.11
-
Integration
-
Unknown
-
N/A
-
N/A
-
Description
Steps to reproduce
- Go to the servlet config files and set a short session timeout (for the test purpose, e.g. on Tomcat go to <server path>/conf/web.xml and set <session-timeout>1</session-timeout> in order for the session to expire after 1 minute)
- Start XWiki instance
- Clear cache and all cookies (to make sure they don't have any impact)
- Click 'Log-in'
- Fill the username and password of an user/Admin, and tick "Remember me" option
- Wait until the session timeout expires and refresh the page
- Observe the state of the user
Expected results
The user is still logged in, since the "Remember me" option was checked at login.
Actual results
The user is logged out.
I could reproduce the issue as well on XWiki 17.8.0, but it couldn't be reproduced on my side on XWiki 16.10.9 (here I reproduced a different behavior: the user remains logged in regardless if the session timeout expires even if "Remember me" is not ticked).
