Login page session timeout appears to no longer be working. Is this a bug? Or taken care of transparently to the user?

[joelcharlebois]

Describe the bug
The login page session timeout no longer appears to function. The login page session timeout is intended to specify the number of minutes before the AM login page times out if the user has not logged in. In past versions of OpenAm, when the login page session would timeout, a login with valid credentials, would result in OpenAM informing the user that the session has timed out, and present the user with a new login page and login session.

The setting as described in the OpenAM admin console:
(Go to: Configure > Server Defaults > Session > Session Limits > Invalidate Session Max Time)

"Duration in minutes after which the invalid session will be removed from the session table if it is created and the user does not login. This value should always be greater than the timeout value in the Authentication module properties file. (property name: com.iplanet.am.session.invalidsessionmaxtime)"

The default login page session timeout setting is 3 minutes.

This issue appears to be present using both XUI and legacy UI login pages.

The impacts are unclear to me, but perhaps a buildup of invalid or unused sessions in the OpenAM session table.

To Reproduce
Steps to reproduce the behavior:

1. Go to the OpenAM login page
2. Wait at least 3 minutes, or otherwise some amount of time longer than your Invalidate Session Max Time setting.
3. Login with valid credentials.
4. Successful login. No notice of an invalid login session.

** Environment **
Container: Wildfly 26.1.3
OpenAM: 14.7.2, and 14.7.1
JDK: OpenJDK version "17.0.6" 2023-01-17 LTS (64-bit)

** Question **
Could the OpenAM team comment on the above, if this is an issue or if OpenAM is transparently handling?

Thanks.