Session Lock

The system will prevent further access to the system by initiating a session lock, which conceals privileged information, for local access sessions, after a configurable period of inactivity of one to 1,440 minutes, configurable in one- minute increments.

When the user's session is timed out then instead of the system logging out the user, it will present the user with a dialog box to log in again. If the user provides the correct credentials, then the user will resume the session from where they left off. If the user opens a new tab or new browser, they will be redirected to the login page.

The Login Timeout setting controls the time of user inactivity when a session lock will be initiated and can be found in the Manage > Master Configuration > Customer Options section.

This setting can be enabled by entering a configurable time of inactivity of one to 1,440 minutes, configurable in one-minute increments or disabled by entering 0 into the Login Timeout field. If Login Timeout is set to 0, then the user session does not time out.

However, if this field is set to 0, there is still the CurrentUserTokenExpireHours= master setting in the Wbi.cfg file which will override this configuration and invalidate or end the session after the configured setting in this file.

For example, if the setting is configured as follows:

CurrentUserTokenExpireHours=8

Then this entry forces a logout irrespective of whether the user has been active for say 8 hrs.

The system will retain the session lock until the user re-authenticates.

When the session lock has been enabled, another user has the capability to be authenticated (e.g., switch user functionality) and will be presented with the Warning Banner and upon acceptance of the terms, the user log in prompt will become available.