Current AM behavior was error prone to memory leaks and has a confusing logic regarding keeping non-expiring sessions active. This PR introduces a potentially breaking change in the sense that the responsibility of keeping the session active is now on the session holder and not the AM server. AM server only keeps its own sessions active.
Introduced changes:
NonExpiringSessionManager is no longer responsible for updating session expiration attributes.
Setting correct expiration attributes is being done by InternalSession#setNonExpiring (this is a breaking change for clients / agents that might expect different behavior).
AdminTokenAction was extended with thread-local property so that AuthenticationSessionStore can decide whether the newly registered session should be registered in NonExpiringSessionManager.
This might feel like spaghetti code, but I was not able to come up with a better approach that would not require huge code changes.
Current AM behavior was error prone to memory leaks and has a confusing logic regarding keeping non-expiring sessions active. This PR introduces a potentially breaking change in the sense that the responsibility of keeping the session active is now on the session holder and not the AM server. AM server only keeps its own sessions active.
Introduced changes:
NonExpiringSessionManageris no longer responsible for updating session expiration attributes.InternalSession#setNonExpiring(this is a breaking change for clients / agents that might expect different behavior).AdminTokenActionwas extended with thread-local property so thatAuthenticationSessionStorecan decide whether the newly registered session should be registered inNonExpiringSessionManager.