- In your XNAT logs, watch the access.log:
- Go to a small (MR) session in XNAT.
- Download the session with option 2 (zip download).
- Even though the session finishes downloading quickly, the session timer continues to get reset every minute.
- Users aren't getting logged out properly.
- Authentication session stays open, causing issues with the proxy in production.
Since this ping shouldn't even have really been necessary to make the zip download work in the first place, can we just remove it?
A small aside, you can even recreate the behavior Jenny is seeing on CNDA by restarting tomcat after a couple of calls from the browser to refresh the session:
Note that after tomcat has restarted, the user has switched from admin to guest, because the JSESSIONID is no longer valid.