|
| Summary: |
Users are logged out after the server session expires even if the "Remember Me" option is ticked |
| Issue Type: |
 Bug |
| Affects Versions: |
17.4.4 |
| Assignee: |
Unassigned |
| Attachments: |
user_after_login.png, user_after_session_expired.png |
| Components: |
User |
| Created: |
09/Oct/25 15:04 |
| Environment: |
Windows 11 Pro, Edge 140, using an instance of XWiki 17.4.5 on Oracle 19c, Tomcat 11.0.11 |
| Priority: |
 Blocker |
| Reporter: |
Ilie Andriuta |
| Description: |
Steps to reproduce
- Go to the servlet config files and set a short session timeout (for the test purpose, e.g. on Tomcat go to <server path>/conf/web.xml and set <session-timeout>1</session-timeout> in order for the session to expire after 1 minute)
- Start XWiki instance
- Clear cache and all cookies (to make sure they don't have any impact)
- Click 'Log-in'
- Fill the username and password of an user/Admin, and tick "Remember me" option
- Wait until the session timeout expires and refresh the page
- Observe the state of the user
Expected results The user is still logged in, since the "Remember me" option was checked at login. Actual results The user is logged out. I could reproduce the issue as well on XWiki 17.8.0, but it couldn't be reproduced on my side on XWiki 16.10.9 (here I reproduced a different behavior: the user remains logged in regardless if the session timeout expires even if "Remember me" is not ticked). |
|
