Confluence loads anonymous accessible pages slowly after SSO session times out but crowd.token_key cookie still exists

Symptoms

After a user's SSO session expires, as long as they have the crowd_token cookie set in their browser, each page load of anonymous content will be slow until either the cookie is removed or they log in again. The amount of time it takes seems to vary, based on my own replication it usually takes about 5-10 seconds, but I've had reports of it taking 20-30 seconds to load pages. It is important to note that this does not affect the load speed of the dashboard, the login page, or the redirection to the login page when trying to access a restricted page.

No error message is logged in either Confluence or Crowd application logs.

Steps to Reproduce

1. Set up Crowd SSO on Confluence
2. Log in as a crowd user
3. Log in to crowd, expire that user's session
4. Access any page that is anonymously accessible, other than the dashboard itself (i.e. inside of a space)

Workaround

There are the following workarounds to get around the slow page loads:

• Log in again
• Manually delete the cookie using the browser settings
• Restart the browser so that the session cookie is automatically deleted
• Set the session expiry time to something very large so that this is hit less frequently