XUI is not able to recover from invalid SSO cookie value #109

Open
pavelhoral opened this issue May 17, 2023 · 0 comments

@pavelhoral
Member

When the SSO cookie contains an invalid value, it is rejected by the backend and XUI ends with the following error:

Invalid session ID.AQIC5wM2LY4SfcwyPX8v4cOabkF-gsbQApRzjna3JbnKLTk.*AAJTSQACMDIAAlNLABQtNDk5NTAzMTUyMzMxODA4NTcyOQACUzEAAjAx*


Stack trace for the server rejection:
Daemon Thread [http-nio-8080-exec-3] (Suspended (breakpoint at line 49 in InvalidSessionIdException)) (out of synch)	
	owns: NioEndpoint$NioSocketWrapper  (id=2193)	
	InvalidSessionIdException.<init>(String) line: 49 (out of synch)	
	InvalidSessionIdException.<init>(SessionID) line: 41 (out of synch)	
	LocalOperations.resolveToken(SessionID) line: 234 (out of synch)	
	LocalOperations.getSessionInfo(SessionID, boolean) line: 195 (out of synch)	
	LocalOperations.refresh(Session, boolean) line: 112 (out of synch)	
	MonitoredOperations.refresh(Session, boolean) line: 67 (out of synch)	
	Session.doRefresh(boolean) line: 765 (out of synch)	
	Session.access$000(Session, boolean) line: 84 (out of synch)	
	Session$1.run() line: 741 (out of synch)	
	RestrictedTokenContext.doUsing(Object, RestrictedTokenAction<T>) line: 81 (out of synch)	
	Session.refresh(boolean) line: 737 (out of synch)	
	SessionCache.getSession(SessionID, boolean, boolean) line: 262 (out of synch)	
	SSOProviderImpl.createSSOToken(String, boolean, boolean) line: 206 (out of synch)	
	SSOProviderImpl.createSSOToken(String, boolean) line: 185 (out of synch)	
	SSOProviderImpl.createSSOToken(String) line: 237 (out of synch)	
	SSOTokenManager.createSSOToken(String) line: 375 (out of synch)	
	SSOTokenFactory.getTokenFromId(String) line: 70	
	OptionalSSOTokenSessionModule(LocalSSOTokenSessionModule).validate(HttpServletRequest, MessageInfoContext, Subject) line: 210	
	OptionalSSOTokenSessionModule(LocalSSOTokenSessionModule).validateRequest(MessageInfoContext, Subject, Subject) line: 175	
	AuthModules$LoggingAuthModule(AuthModules$WrappedAuthModule).validateRequest(MessageInfoContext, Subject, Subject) line: 567	
	AuthModules$LoggingAuthModule.validateRequest(MessageInfoContext, Subject, Subject) line: 456	
	AuthModules$SessionAuditingAuthModule(AuthModules$WrappedAuthModule).validateRequest(MessageInfoContext, Subject, Subject) line: 567	
	AuthModules$SessionAuditingAuthModule(AuthModules$AuditingAuthModule).validateRequest(MessageInfoContext, Subject, Subject) line: 338	
	AuthModules$SessionAuditingAuthModule.validateRequest(MessageInfoContext, Subject, Subject) line: 393	
	AuthModules$ValidatingAuthModule(AuthModules$WrappedAuthModule).validateRequest(MessageInfoContext, Subject, Subject) line: 567	
	AuthModules$ValidatingAuthModule.validateRequest(MessageInfoContext, Subject, Subject) line: 290	
	SessionAuthContext.validateRequest(MessageContext, Subject, Subject) line: 75	
	AggregateAuthContext.validateRequest(MessageContext, Subject, Subject) line: 89	
	AuthContexts$LoggingAuthContext(AuthContexts$WrappedAuthContext).validateRequest(MessageContext, Subject, Subject) line: 364	
	AuthContexts$LoggingAuthContext.validateRequest(MessageContext, Subject, Subject) line: 284	
	AuthContexts$AuditingAuthContext(AuthContexts$WrappedAuthContext).validateRequest(MessageContext, Subject, Subject) line: 364	
	AuthContexts$AuditingAuthContext.validateRequest(MessageContext, Subject, Subject) line: 231	
	AuthContexts$ValidatingAuthContext(AuthContexts$WrappedAuthContext).validateRequest(MessageContext, Subject, Subject) line: 364	
	AuthContexts$ValidatingAuthContext.validateRequest(MessageContext, Subject, Subject) line: 190	
	AuthenticationFramework.validateRequest(MessageContext, Subject, Handler) line: 149	
	AuthenticationFramework.processMessage(Context, Request, Handler) line: 141	
	AuthenticationFilter.filter(Context, Request, Handler) line: 92	
	Handlers$1.handle(Context, Request) line: 61	
	GuiceHandler.handle(Context, Request) line: 59 (out of synch)	
	HttpRoute$6.handle(Context, Request) line: 215 (out of synch)	
	Router.handle(Context, Request) line: 108	
	OpenApiRequestFilter.filter(Context, Request, Handler) line: 70	
	Handlers$1.handle(Context, Request) line: 61	
	ApiDescriptorFilter.filter(Context, Request, Handler) line: 122 (out of synch)	
	Handlers$1.handle(Context, Request) line: 61	
	OpenAMHttpApplication$1.filter(Context, Request, Handler) line: 70 (out of synch)	
	Handlers$1.handle(Context, Request) line: 61	
	TransactionIdInboundFilter.filter(Context, Request, Handler) line: 60	
	Handlers$1.handle(Context, Request) line: 61	
	HttpFrameworkServlet.service(HttpServletRequest, HttpServletResponse) line: 237	
	HttpFrameworkServlet(HttpServlet).service(ServletRequest, ServletResponse) line: 733	
	ApplicationFilterChain.internalDoFilter(ServletRequest, ServletResponse) line: 227	
	ApplicationFilterChain.doFilter(ServletRequest, ServletResponse) line: 162	
	WsFilter.doFilter(ServletRequest, ServletResponse, FilterChain) line: 53	
	ApplicationFilterChain.internalDoFilter(ServletRequest, ServletResponse) line: 189	
	ApplicationFilterChain.doFilter(ServletRequest, ServletResponse) line: 162	
	ResponseValidationFilter.doFilter(ServletRequest, ServletResponse, FilterChain) line: 44 (out of synch)	
	ApplicationFilterChain.internalDoFilter(ServletRequest, ServletResponse) line: 189	
	ApplicationFilterChain.doFilter(ServletRequest, ServletResponse) line: 162	
	SetHeadersFilter.doFilter(ServletRequest, ServletResponse, FilterChain) line: 88 (out of synch)	
	ApplicationFilterChain.internalDoFilter(ServletRequest, ServletResponse) line: 189	
	ApplicationFilterChain.doFilter(ServletRequest, ServletResponse) line: 162	
	AMSetupFilter.doFilter(ServletRequest, ServletResponse, FilterChain) line: 111 (out of synch)	
	ApplicationFilterChain.internalDoFilter(ServletRequest, ServletResponse) line: 189	
	ApplicationFilterChain.doFilter(ServletRequest, ServletResponse) line: 162	
	AuditContextFilter.doFilter(ServletRequest, ServletResponse, FilterChain) line: 51 (out of synch)	
	ApplicationFilterChain.internalDoFilter(ServletRequest, ServletResponse) line: 189	
	ApplicationFilterChain.doFilter(ServletRequest, ServletResponse) line: 162	
	StandardWrapperValve.invoke(Request, Response) line: 202	
	StandardContextValve.invoke(Request, Response) line: 97	
	NonLoginAuthenticator(AuthenticatorBase).invoke(Request, Response) line: 542	
	StandardHostValve.invoke(Request, Response) line: 143	
	ErrorReportValve.invoke(Request, Response) line: 92	
	AccessLogValve(AbstractAccessLogValve).invoke(Request, Response) line: 687	
	StandardEngineValve.invoke(Request, Response) line: 78	
	CoyoteAdapter.service(Request, Response) line: 346	
	Http11Processor.service(SocketWrapperBase<?>) line: 374	
	Http11Processor(AbstractProcessorLight).process(SocketWrapperBase<?>, SocketEvent) line: 65	
	AbstractProtocol$ConnectionHandler<S>.process(SocketWrapperBase<S>, SocketEvent) line: 887	
	NioEndpoint$SocketProcessor.doRun() line: 1684	
	NioEndpoint$SocketProcessor(SocketProcessorBase<S>).run() line: 49	
	ThreadPoolExecutor(ThreadPoolExecutor).runWorker(ThreadPoolExecutor$Worker) line: 1136	
	ThreadPoolExecutor$Worker.run() line: 635	
	TaskThread$WrappingRunnable.run() line: 61	
	TaskThread(Thread).run() line: 833	

The severity of this issue is very low, as an invalid cookie value can only occur when the AM server is being reinstalled (i.e. when users can have a stale cookie value). Also, the issue can be worked around by closing and reopening the browser (thus deleting the session cookie). However, I feel like we might want to address this somehow.
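The recovery the report asks for, as an added JavaScript example that is not part of XUI or AM: when the backend answers the SSO cookie with an "Invalid session ID.<token>" rejection, the client expires the cookie and falls back to the logged-out state instead of surfacing the raw error, while any other failure (5xx, network) leaves the cookie alone because it says nothing about the token. The cookie name `iPlanetDirectoryPro`, the endpoint path `/json/sessions?_action=getSessionInfo`, the JSON error shape, the injected `requestJson` client and the in-memory cookie jar are all assumptions made for this example.

```javascript
// Added example, not code from XUI or AM. Shows the client-side recovery the
// issue asks for: when the backend answers "Invalid session ID.<token>" for
// the SSO cookie, expire the cookie and continue as an anonymous user instead
// of surfacing the raw error. The cookie name, endpoint path and JSON error
// shape below are assumptions made for this example.
const SESSION_COOKIE = "iPlanetDirectoryPro";
const SESSION_INFO_PATH = "/json/sessions?_action=getSessionInfo";
const INVALID_SESSION_PREFIX = "Invalid session ID";

// A 401 whose message starts with the "Invalid session ID" text means the
// token itself is unknown to the server, so the cookie is safe to discard.
function isInvalidSessionResponse(status, body) {
  if (status !== 401) return false;
  const message = body && typeof body.message === "string" ? body.message : "";
  return message.startsWith(INVALID_SESSION_PREFIX);
}

// document.cookie assignment that removes a cookie: the browser only drops it
// when overwritten with an expired copy on the same path and domain.
function expireCookieString(name, { path = "/", domain } = {}) {
  let value = `${name}=; expires=Thu, 01 Jan 1970 00:00:00 GMT; path=${path}`;
  if (domain) value += `; domain=${domain}`;
  return value;
}

// Resolve the current session from the SSO cookie.
//   requestJson(path, token) -> { status, body }  (injected, synchronous HTTP
//     client; a real one would wrap fetch and send the token as the cookie)
//   cookieJar                  (minimal stand-in for document.cookie)
function resolveSession(requestJson, cookieJar) {
  const token = cookieJar.get(SESSION_COOKIE);
  if (!token) return { authenticated: false, reason: "no-cookie" };

  const { status, body } = requestJson(SESSION_INFO_PATH, token);
  if (status === 200) {
    return { authenticated: true, username: body.username, realm: body.realm };
  }
  if (isInvalidSessionResponse(status, body)) {
    // Stale cookie (e.g. AM was reinstalled): forget it and fall back to the
    // logged-out state so the login page can be shown normally.
    cookieJar.write(expireCookieString(SESSION_COOKIE));
    return { authenticated: false, reason: "stale-cookie", droppedToken: token };
  }
  // A 5xx or other failure says nothing about the cookie; keep it and fail.
  throw new Error(`session lookup failed with HTTP ${status}`);
}

// --- constructed test doubles so the example runs offline ---
function makeCookieJar(initial = {}) {
  const store = { ...initial };
  const writes = [];
  return {
    get: (name) => store[name],
    // Interpret an expired-cookie assignment the way a browser would.
    write: (assignment) => {
      writes.push(assignment);
      const name = assignment.split("=")[0];
      if (/expires=Thu, 01 Jan 1970/.test(assignment)) delete store[name];
    },
    has: (name) => name in store,
    writes,
  };
}

function makeFakeBackend(validTokens) {
  return (path, token) => {
    if (path !== SESSION_INFO_PATH) return { status: 404, body: {} };
    if (validTokens.has(token)) {
      return { status: 200, body: { username: "demo", realm: "/" } };
    }
    // Constructed rejection mirroring the error text quoted in the issue.
    return {
      status: 401,
      body: { code: 401, reason: "Unauthorized", message: `${INVALID_SESSION_PREFIX}.${token}` },
    };
  };
}

function demo() {
  const backend = makeFakeBackend(new Set(["AQIC-good-token"]));
  const staleJar = makeCookieJar({ [SESSION_COOKIE]: "AQIC-stale-token" });
  const goodJar = makeCookieJar({ [SESSION_COOKIE]: "AQIC-good-token" });
  return {
    stale: resolveSession(backend, staleJar),
    staleCookieRemains: staleJar.has(SESSION_COOKIE),
    good: resolveSession(backend, goodJar),
  };
}

console.log(JSON.stringify(demo(), null, 2));
```

Run with `node` to see the stale cookie being dropped and the valid one resolved. The important design point is the asymmetry: only a rejection that names the token as invalid justifies deleting the cookie; treating every non-200 as "log the user out" would also kick out users during a transient backend outage.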
