Description
This is follow-up on #12406 .
Before #12406, when a user had opened several browser tabs with the login screen, then after successful authentication in tab1 the whole RootAuthenticationSessionModel was removed from the Infinispan cache on the server. This meant that the other browser tabs were not able to finish authentication and hence needed to display the "You are already logged-in" screen when the user clicked back to them.
With the changes in #12406, the whole RootAuthenticationSessionModel is not removed anymore. Instead only the single AuthenticationSessionModel of the current browser tab is removed, and the other browser tabs have a way to finish authentication automatically (done by the JavaScript in authChecker.js, which monitors whether some other browser tab has authenticated). Hence the RootAuthenticationSessionModel is usually removed as well in the next turn, because the other browser tabs finish authentication automatically.
The problem is that the JavaScript (triggered in authChecker.js) may not always run in all browser tabs, and hence some browser tabs remain unauthenticated. This is the case, for instance, when a browser tab was redirected to a third-party identity provider.
Because of this, it would be good to make sure that the RootAuthenticationSessionModel is removed shortly after authentication is finished in tab1, so that no unused authentication sessions stay in memory; otherwise this could result in a growing number of items in the authenticationSessions Infinispan cache.
This should be a good compromise between memory consumption (the rootAuthenticationSession is removed at least 1 minute after successful authentication) and usability (the other browser tabs still have the opportunity to finish authentication via the JavaScript).
Possible solution
After authentication in tab1, make sure that the RootAuthenticationSessionModel is scheduled for expiration after a short interval. This can likely be the realm's accessCodeLifespan interval, which is 1 minute by default. This can be triggered in AuthenticationSessionManager.updateAuthenticationSessionAfterSuccessfulAuthentication.
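As an added illustration (a constructed Python model, not Keycloak's code), the three lifecycles this issue contrasts side by side: removing the whole root session (before #12406), removing only the tab's session (after #12406), and the proposed short root expiry. The class, function and policy names are invented and the Infinispan cache is a plain dict.

```python
ACCESS_CODE_LIFESPAN = 60  # realm accessCodeLifespan default: 1 minute (from the issue)

BEFORE_12406 = "remove_root"          # tab1 success removed the whole root session
AFTER_12406 = "remove_tab"            # only tab1's AuthenticationSessionModel is removed
PROPOSED = "remove_tab_expire_root"   # ...and the root is scheduled to expire shortly after


class AuthSessionCache:
    """Stands in for the authenticationSessions cache: root id -> {tabs, expires_at}."""

    def __init__(self):
        self.roots = {}

    def start_login(self, root_id, tab_ids):
        # expires_at None = only the normal, much longer login timeout applies
        self.roots[root_id] = {"tabs": set(tab_ids), "expires_at": None}

    def finish_authentication(self, root_id, tab_id, now, policy):
        root = self.roots.get(root_id)
        if root is None or tab_id not in root["tabs"]:
            return "ALREADY_LOGGED_IN"  # this tab cannot finish: its session is gone
        if policy == BEFORE_12406:
            del self.roots[root_id]      # kills every other tab's session too
            return "OK"
        root["tabs"].discard(tab_id)     # remove only this tab's authentication session
        if not root["tabs"]:
            del self.roots[root_id]      # last tab finished, root no longer needed
        elif policy == PROPOSED and root["expires_at"] is None:
            root["expires_at"] = now + ACCESS_CODE_LIFESPAN
        return "OK"

    def expire(self, now):
        """Evict roots whose scheduled expiration has passed; returns live root count."""
        for rid in [r for r, s in self.roots.items()
                    if s["expires_at"] is not None and s["expires_at"] <= now]:
            del self.roots[rid]
        return len(self.roots)


def simulate(policy, tab2_finish_time=None, observe_time=3600):
    """tab1 authenticates at t=0; tab2 tries at tab2_finish_time (None = never, e.g. it was
    redirected to a third-party IdP). Returns (tab2 outcome, roots left at observe_time)."""
    cache = AuthSessionCache()
    cache.start_login("root-1", ["tab1", "tab2"])
    cache.finish_authentication("root-1", "tab1", 0, policy)
    tab2 = None
    if tab2_finish_time is not None:
        cache.expire(tab2_finish_time)
        tab2 = cache.finish_authentication("root-1", "tab2", tab2_finish_time, policy)
    return tab2, cache.expire(observe_time)
```

With AFTER_12406 and a tab2 that never returns, the root stays in the cache indefinitely; with PROPOSED it is gone after 60 seconds, while a tab2 that returns within that window still finishes normally.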