Server activate session: allow to activate same user on same secure channel
Description
UACTT test Basic256 001.js make an attempt to activate the same session 2 times on same secure channel with anonymous user token. We are refusing this case because both secure channel and user are the same.
Analysis
This is due to a restrictive interpretation of the activate session service (see part 4 of 1.03 OPC UA specification):
Clients can change the identity of a user associated with a Session by calling the ActivateSession
We considered that changing for the same identity was an invalid case but it seems a bit restrictive regarding OPC UA certification tests
Implementation
Release the constraint and do not check anymore the user is the same when the secure channel is identical. Since the user identity token is still validated there is no issue with this behavior.
Note: it is still forbidden to change the secure channel and user at same time