Symptoms

After upgrading to Crowd 2.6 from a previous version, all active SSO sessions are expired. Users are forced to login again.

Steps to reproduce

1. With Crowd 2.5.3, create a new user account ("user").
2. Using a different browser (to keep sessions separated), login as "user" into the demo application. Verify that the session is created with Crowd's user session browser, and by inspecting the contents of the CWD_TOKEN table.
3. Upgrade to Crowd 2.6 (verified with Crowd 2.6.1).
4. Using Crowd session browser, verify that the session is still there, but the "Last accessed" column is empty (CWD-3202). The row is still in the database, as evidenced by the attached screenshot, but the new field "last_accessed_time" has been created with a default value of 0. Note that this row will be automatically removed the next time Crowd runs its scheduled expired session deletion task (unconfirmed).
5. Reload the page in the demo application.

Expected outcome

Session initiated before the upgrade should still be valid. The user should be able to continue using the demo application without log in again.

Actual result

Session is destroyed by the upgrade. The user is request to log in again to continue using the demo app.