AFAIU currently "group cache expiration" is not used in the AD app and for this to work https://jira.xwiki.org/browse/LDAP-72 will be fixed.
However, when there is a mapping defined between AD groups and XWiki groups, the XWiki groups should be updated after the cache reset (without the users having to log out and log in again to XWiki)
Tested behavior on a client with XWiki version 10.8.1 and AD app version 1.6
Added the test user to the AD group (note this group had a mapping defined with an XWiki group).
The test user reconnected to XWiki and the corresponding group from XWiki did not update (the user was not added).
Used the "Reset cache group" button and checked again: the corresponding group from XWiki still did not update (the user was not added).
The test user logged out and logged in to XWiki and, as a result, the corresponding group from XWiki was correctly updated to include our test user as well.
The same steps were done for removing a user from the AD group and the user had to reconnect after the cache reset.
This raises a security issue as users may still have rights on wiki/pages until they log out.
LDAP-72 mentions "update the group cache expiration value without restarting the wiki" so the issue remains if the user still has to log out and log in to XWiki so that group mapping is applied
Example: in our case, the client had group cache expiration value defined in AD application to 10 seconds, so once LDAP-72 is fixed and this value can be used, why would the user still have to reconnect?