User Session Note Expires Too Early

areller · February 19, 2021, 6:30pm

I have a custom required action that attaches a custom attribute to the user’s session by setting a session note.

requiredActionContext.getAuthenticationSession().setUserSessionNote("key", "value");

The problem is that this note disappears (gets deleted from the session) after about a minute (I believe that it’s the expiry of the access token) and it means that every minute I’m required to fill the required action form again.

The session itself doesn’t expired because I’m not prompted to enter my username/password again. Only the session notes expire.

Is there a way to attach custom attributes to the user’s session that would last as long as the actual user session (will last as long as I’m not required to re-enter credentials)?

areller · February 22, 2021, 2:29pm

That was a mistake on my side.
The problem was that I was setting the required action in the custom user provider storage.
It seems like calling addRequiredAction clears the session notes.

The problem was fixed when I created a custom authenticator that runs after the username/password and and sets the required action.

Topic		Replies	Views
Reset authentication flow within custom required action Extending the server	3	2853	June 16, 2021
Authnote set in the authentication context is null - Clustering Getting advice authentication	0	294	March 16, 2023
Skip required action, if user was impersonated Getting advice	0	351	December 23, 2022
Logging out at the end of the custom Required Action Extending the server	0	98	January 5, 2024
Required User Actions - unclear behavior Getting advice	2	536	November 24, 2021

User Session Note Expires Too Early

Related Topics