Close session and secure channel in case of repeated user authentication failures
After a configurable number of user authentication failures, the implicated session and secure channel are closed by the server:
- (ActiveSessionResponse is returned with the appropriate error status code): since the secure channel closure is treated in priority, it might not be sent.
- Session is closed in Server: further attempts to use this session will lead to Bad_SessionIdInvalid.
- Secure channel is closed by the server: a TCP UA error is send with the Bad_SecurityCheckFailed error status. Note: the number of user authentication failures is cumulative with no consideration of the successful attempts (protection against valid and invalid alternating attempts).
Edited by Vincent Monfort