The default value of 0 for session.validationinterval leads to poor performance. As the documentation says, it means that every single incoming request to the application will need to make at least one request out to Crowd. Currently when using SSO (i.e. the Crowd authenticator) it makes 2 connections to Crowd per request. One to validate the SSO token and one to get the SSO cookie configuration.

We should change the default value in the bundled properties file (and update the documentation) to a non-zero value so it looks up the user from the session until the validation interval is reached.