Bug 40475

GemStone/S

6.5.5, 6.5.4, 6.5.2, 6.5.1, 6.5, 6.3.1, 6.3, 6.2.x, 6.2, 6.1.6, 6.1.5, 6.1.x, 6.0.x, 5.1.5.1

All

6.5.6

Simultaneous logins by the same userId can result in disabled account

If two logins for the same userId occur within the same clock second, a
logic error in the code compares the password age, rather than the time
since last login, to the staleAccountAgeLimit.  So, if the time since the
last password change is longer than the staleAccountAgeLimit, the account's
login may be disabled with the reason "StaleAccount".

This bug requires a passwordAgeLimit that is larger than the staleAccountAgeLimit,
as well as near-simultaneous logins, and so is rare in practice.

Workaround

Setting a passwordAgeLimit that is smaller than the staleAccountAgeLimit
will avoid the problem.  Alternatively, manually resetting the password
(to the same password, if that is allowed by the security configuration)
will reset the password change date.
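
The condition described above and the effect of the password-reset workaround, modelled as an added example (this is not GemStone/S code). The class, function and field names, the day-based units and the sample dates are assumptions made for illustration; only the comparison logic follows the bug description.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Optional

@dataclass
class Account:  # hypothetical model of the per-user login state
    last_login: datetime
    last_password_change: datetime
    disabled_reason: Optional[str] = None

def stale_check(acct, now, stale_limit, buggy):
    """Login-time stale-account check; returns True if the login is allowed."""
    same_second = now.replace(microsecond=0) == acct.last_login.replace(microsecond=0)
    if buggy and same_second:
        age = now - acct.last_password_change  # flaw: password age is compared
    else:
        age = now - acct.last_login            # intended: time since last login
    if age > stale_limit:
        acct.disabled_reason = "StaleAccount"
        return False
    acct.last_login = now
    return True

def exposed(acct, now, password_age_limit, stale_limit):
    """Audit helper: can this account currently be disabled by the bug?"""
    return (password_age_limit > stale_limit
            and now - acct.last_password_change > stale_limit)

def simulate(buggy, password_age_days, stale_limit_days=30):
    """Two logins for one userId inside the same clock second (constructed data)."""
    now = datetime(2010, 4, 28, 9, 0, 0)
    acct = Account(now - timedelta(days=1), now - timedelta(days=password_age_days))
    limit = timedelta(days=stale_limit_days)
    first = stale_check(acct, now, limit, buggy)
    second = stale_check(acct, now + timedelta(milliseconds=200), limit, buggy)
    return first, second, acct.disabled_reason

if __name__ == "__main__":
    print(simulate(buggy=True, password_age_days=45))   # affected releases
    print(simulate(buggy=False, password_age_days=45))  # corrected comparison
    print(simulate(buggy=True, password_age_days=0))    # after a password reset
```

The `exposed` helper can be run over an export of account data to list the userIds whose password is already older than the staleAccountAgeLimit.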


Last updated: 4/28/10