In XenApp 6, XenApp 6.5, and XenApp 6.5 with Hotfix Rollup Pack 1, with Auto Client Reconnect* enabled, a locked desktop session does not prompt users for credentials after reconnecting.

Caution! Refer to the Disclaimer at the end of this article before using Registry Editor.

• Fix #LA2659 (in Hotfix Rollup Pack 2 for XenApp 6 and Hotfix Rollup Pack 2 for XenApp 6.5) introduces support for the following registry key that allows configuring the session timer:
  HKEY_LOCAL_MACHINE\Software\Wow6432Node\Citrix\WFShell
  Name: SessionReconnectMinTimeInMilliSeconds
  Type: REG_DWORD
  Data: 20000 (default)

• In addition, Fix #LA3642 (in XA600R02W2K8R2X64020 for XenApp 6 and Hotfix Rollup Pack 2 for XenApp 6.5) allows reverting the behavior introduced by Hotfix Rollup Pack 1 for XenApp 6 and Hotfix Rollup Pack 2 for XenApp 6.5 so that sessions do not prompt users for credentials after reconnecting. To do this, set the following registry key:
  HKEY_LOCAL_MACHINE\Software\Wow6432Node\Citrix\WFShell
  Name: LockOnReconnect
  Type: REG_DWORD
  Data: <0=OFF; any other value=ON (default)>

Caution! Reverting the behavior introduced by Hotfix Rollup Pack 1 for XenApp 6, and Hotfix Rollup Pack 2 for XenApp 6.5 leaves disconnected desktop session unlocked when attempting to reconnect. Doing so might have a security impact in certain deployments.

* This issue affects only the Auto-Client Reconnect feature. It does not affect reconnections using the Session Reliability and Workspace Control features.

Problem Cause

The session active time is monitored. If the session active time is less than 20 seconds, the session is locked by default upon reconnection, regardless of the lock status before disconnecting.