WrenSecurity / wrenam

Community fork of OpenAM, an authentication and authorization system originally developed by ForgeRock.

XUI is not able to recover from invalid SSO cookie value #109

Open pavelhoral opened 1 year ago

pavelhoral commented 1 year ago

When the SSO cookie contains an invalid value, it is rejected by the backend and XUI ends with the following error:

Invalid session ID.AQIC5wM2LY4SfcwyPX8v4cOabkF-gsbQApRzjna3JbnKLTk.*AAJTSQACMDIAAlNLABQtNDk5NTAzMTUyMzMxODA4NTcyOQACUzEAAjAx*


stack trace for the server rejection

```
Daemon Thread [http-nio-8080-exec-3] (Suspended (breakpoint at line 49 in InvalidSessionIdException)) (out of synch)
    owns: NioEndpoint$NioSocketWrapper (id=2193)
    InvalidSessionIdException.(String) line: 49 (out of synch)
    InvalidSessionIdException.(SessionID) line: 41 (out of synch)
    LocalOperations.resolveToken(SessionID) line: 234 (out of synch)
    LocalOperations.getSessionInfo(SessionID, boolean) line: 195 (out of synch)
    LocalOperations.refresh(Session, boolean) line: 112 (out of synch)
    MonitoredOperations.refresh(Session, boolean) line: 67 (out of synch)
    Session.doRefresh(boolean) line: 765 (out of synch)
    Session.access$000(Session, boolean) line: 84 (out of synch)
    Session$1.run() line: 741 (out of synch)
    RestrictedTokenContext.doUsing(Object, RestrictedTokenAction) line: 81 (out of synch)
    Session.refresh(boolean) line: 737 (out of synch)
    SessionCache.getSession(SessionID, boolean, boolean) line: 262 (out of synch)
    SSOProviderImpl.createSSOToken(String, boolean, boolean) line: 206 (out of synch)
    SSOProviderImpl.createSSOToken(String, boolean) line: 185 (out of synch)
    SSOProviderImpl.createSSOToken(String) line: 237 (out of synch)
    SSOTokenManager.createSSOToken(String) line: 375 (out of synch)
    SSOTokenFactory.getTokenFromId(String) line: 70
    OptionalSSOTokenSessionModule(LocalSSOTokenSessionModule).validate(HttpServletRequest, MessageInfoContext, Subject) line: 210
    OptionalSSOTokenSessionModule(LocalSSOTokenSessionModule).validateRequest(MessageInfoContext, Subject, Subject) line: 175
    AuthModules$LoggingAuthModule(AuthModules$WrappedAuthModule).validateRequest(MessageInfoContext, Subject, Subject) line: 567
    AuthModules$LoggingAuthModule.validateRequest(MessageInfoContext, Subject, Subject) line: 456
    AuthModules$SessionAuditingAuthModule(AuthModules$WrappedAuthModule).validateRequest(MessageInfoContext, Subject, Subject) line: 567
    AuthModules$SessionAuditingAuthModule(AuthModules$AuditingAuthModule).validateRequest(MessageInfoContext, Subject, Subject) line: 338
    AuthModules$SessionAuditingAuthModule.validateRequest(MessageInfoContext, Subject, Subject) line: 393
    AuthModules$ValidatingAuthModule(AuthModules$WrappedAuthModule).validateRequest(MessageInfoContext, Subject, Subject) line: 567
    AuthModules$ValidatingAuthModule.validateRequest(MessageInfoContext, Subject, Subject) line: 290
    SessionAuthContext.validateRequest(MessageContext, Subject, Subject) line: 75
    AggregateAuthContext.validateRequest(MessageContext, Subject, Subject) line: 89
    AuthContexts$LoggingAuthContext(AuthContexts$WrappedAuthContext).validateRequest(MessageContext, Subject, Subject) line: 364
    AuthContexts$LoggingAuthContext.validateRequest(MessageContext, Subject, Subject) line: 284
    AuthContexts$AuditingAuthContext(AuthContexts$WrappedAuthContext).validateRequest(MessageContext, Subject, Subject) line: 364
    AuthContexts$AuditingAuthContext.validateRequest(MessageContext, Subject, Subject) line: 231
    AuthContexts$ValidatingAuthContext(AuthContexts$WrappedAuthContext).validateRequest(MessageContext, Subject, Subject) line: 364
    AuthContexts$ValidatingAuthContext.validateRequest(MessageContext, Subject, Subject) line: 190
    AuthenticationFramework.validateRequest(MessageContext, Subject, Handler) line: 149
    AuthenticationFramework.processMessage(Context, Request, Handler) line: 141
    AuthenticationFilter.filter(Context, Request, Handler) line: 92
    Handlers$1.handle(Context, Request) line: 61
    GuiceHandler.handle(Context, Request) line: 59 (out of synch)
    HttpRoute$6.handle(Context, Request) line: 215 (out of synch)
    Router.handle(Context, Request) line: 108
    OpenApiRequestFilter.filter(Context, Request, Handler) line: 70
    Handlers$1.handle(Context, Request) line: 61
    ApiDescriptorFilter.filter(Context, Request, Handler) line: 122 (out of synch)
    Handlers$1.handle(Context, Request) line: 61
    OpenAMHttpApplication$1.filter(Context, Request, Handler) line: 70 (out of synch)
    Handlers$1.handle(Context, Request) line: 61
    TransactionIdInboundFilter.filter(Context, Request, Handler) line: 60
    Handlers$1.handle(Context, Request) line: 61
    HttpFrameworkServlet.service(HttpServletRequest, HttpServletResponse) line: 237
    HttpFrameworkServlet(HttpServlet).service(ServletRequest, ServletResponse) line: 733
    ApplicationFilterChain.internalDoFilter(ServletRequest, ServletResponse) line: 227
    ApplicationFilterChain.doFilter(ServletRequest, ServletResponse) line: 162
    WsFilter.doFilter(ServletRequest, ServletResponse, FilterChain) line: 53
    ApplicationFilterChain.internalDoFilter(ServletRequest, ServletResponse) line: 189
    ApplicationFilterChain.doFilter(ServletRequest, ServletResponse) line: 162
    ResponseValidationFilter.doFilter(ServletRequest, ServletResponse, FilterChain) line: 44 (out of synch)
    ApplicationFilterChain.internalDoFilter(ServletRequest, ServletResponse) line: 189
    ApplicationFilterChain.doFilter(ServletRequest, ServletResponse) line: 162
    SetHeadersFilter.doFilter(ServletRequest, ServletResponse, FilterChain) line: 88 (out of synch)
    ApplicationFilterChain.internalDoFilter(ServletRequest, ServletResponse) line: 189
    ApplicationFilterChain.doFilter(ServletRequest, ServletResponse) line: 162
    AMSetupFilter.doFilter(ServletRequest, ServletResponse, FilterChain) line: 111 (out of synch)
    ApplicationFilterChain.internalDoFilter(ServletRequest, ServletResponse) line: 189
    ApplicationFilterChain.doFilter(ServletRequest, ServletResponse) line: 162
    AuditContextFilter.doFilter(ServletRequest, ServletResponse, FilterChain) line: 51 (out of synch)
    ApplicationFilterChain.internalDoFilter(ServletRequest, ServletResponse) line: 189
    ApplicationFilterChain.doFilter(ServletRequest, ServletResponse) line: 162
    StandardWrapperValve.invoke(Request, Response) line: 202
    StandardContextValve.invoke(Request, Response) line: 97
    NonLoginAuthenticator(AuthenticatorBase).invoke(Request, Response) line: 542
    StandardHostValve.invoke(Request, Response) line: 143
    ErrorReportValve.invoke(Request, Response) line: 92
    AccessLogValve(AbstractAccessLogValve).invoke(Request, Response) line: 687
    StandardEngineValve.invoke(Request, Response) line: 78
    CoyoteAdapter.service(Request, Response) line: 346
    Http11Processor.service(SocketWrapperBase) line: 374
    Http11Processor(AbstractProcessorLight).process(SocketWrapperBase, SocketEvent) line: 65
    AbstractProtocol$ConnectionHandler.process(SocketWrapperBase, SocketEvent) line: 887
    NioEndpoint$SocketProcessor.doRun() line: 1684
    NioEndpoint$SocketProcessor(SocketProcessorBase).run() line: 49
    ThreadPoolExecutor(ThreadPoolExecutor).runWorker(ThreadPoolExecutor$Worker) line: 1136
    ThreadPoolExecutor$Worker.run() line: 635
    TaskThread$WrappingRunnable.run() line: 61
    TaskThread(Thread).run() line: 833
```

The severity of this issue is very low, as an invalid cookie value can only occur when the AM server is being reinstalled (i.e. when users can have a stale cookie value). Also, the issue can be worked around by closing and reopening the browser (thus deleting the session cookie). However, I feel like we might want to address this somehow.
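The failure mode described in this issue (the backend rejects a stale SSO cookie and the frontend surfaces the raw error instead of recovering) can be handled in the client. The following is an added example, not code from wrenam or XUI, showing the recovery logic a web client would want: a definitive "Invalid session ID" rejection drops the stale cookie and falls back to the login state, while transient backend errors are left alone so they do not log users out. The function names (`classifySessionResponse`, `recoverSession`, `CookieJar`) and the reply shapes (200 with `{ valid: true }`, 401 with a JSON `message`) are assumptions made for the example, not the project's real API.

```javascript
// Added example, not code from the wrenam/XUI project: a client-side session
// check that recovers from a stale or invalid SSO cookie instead of showing
// the backend's raw "Invalid session ID.<token>" error to the user.
//
// Assumptions (hypothetical, not the project's real API shape): the session
// endpoint answers 200 with { valid: true } for a live session and 401 with a
// JSON body whose "message" starts with "Invalid session ID" when the token
// cannot be resolved. Anything else is treated as a transient error.

// OpenAM's default SSO cookie name; deployments may configure a different one.
const SSO_COOKIE_NAME = 'iPlanetDirectoryPro';

// Decide what the backend reply means for the session. Only a definitive
// rejection counts as "invalid"; a 5xx or a malformed body must not be
// mistaken for a dead session, or a backend hiccup would log everyone out.
function classifySessionResponse(status, body) {
  if (status === 200 && body && body.valid === true) {
    return 'valid';
  }
  const message = body && typeof body.message === 'string' ? body.message : '';
  if (status === 401 || /^Invalid session ID/i.test(message)) {
    return 'invalid';
  }
  return 'error';
}

// Tiny cookie store so the recovery logic can run outside a browser.
// In a page this would wrap document.cookie (see the HttpOnly caveat below).
class CookieJar {
  constructor(initial = {}) {
    this.cookies = { ...initial };
  }
  has(name) {
    return Object.prototype.hasOwnProperty.call(this.cookies, name);
  }
  remove(name) {
    delete this.cookies[name];
  }
}

// Turn a session-check reply into a UI decision. On "invalid" the stale
// cookie is dropped so the next request starts clean and the app falls back
// to the anonymous state (login view) rather than a dead error page.
function recoverSession(status, body, jar, cookieName = SSO_COOKIE_NAME) {
  switch (classifySessionResponse(status, body)) {
    case 'valid':
      return { state: 'authenticated', clearedCookie: false, next: 'app' };
    case 'invalid': {
      const hadCookie = jar.has(cookieName);
      if (hadCookie) {
        jar.remove(cookieName);
      }
      return { state: 'anonymous', clearedCookie: hadCookie, next: 'login' };
    }
    default:
      return { state: 'unknown', clearedCookie: false, next: 'retry' };
  }
}

// Constructed sample replies modelled on the issue; the token is a placeholder.
const STALE_REPLY = {
  status: 401,
  body: { code: 401, reason: 'Unauthorized', message: 'Invalid session ID.AQIC-placeholder-stale-token.*' },
};
const LIVE_REPLY = { status: 200, body: { valid: true, uid: 'demo' } };
const OUTAGE_REPLY = { status: 503, body: { message: 'Service Unavailable' } };

// Walk the three cases against one cookie jar that starts with a stale token.
function demo() {
  const jar = new CookieJar({ [SSO_COOKIE_NAME]: 'AQIC-placeholder-stale-token.*' });
  const afterStale = recoverSession(STALE_REPLY.status, STALE_REPLY.body, jar);
  const afterOutage = recoverSession(OUTAGE_REPLY.status, OUTAGE_REPLY.body, jar);
  const afterLive = recoverSession(LIVE_REPLY.status, LIVE_REPLY.body, jar);
  return { afterStale, afterOutage, afterLive };
}

console.log(JSON.stringify(demo(), null, 2));
```

Two caveats for a real deployment: if the SSO cookie is marked HttpOnly, script cannot remove it, so the client should instead call the server's logout endpoint (or the server should expire the cookie in its rejection response) to get rid of the stale value; and the error shown in the issue echoes the whole rejected token back into the UI, which is harmless for an already-invalid token but is a habit worth avoiding in error messages that users may copy into bug reports.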