The creation of a user session is done during login. Before a session can be created the systems checks all preconditions listed in Table 1. If one of these preconditions is not met the system will not create a user session, the login attempt will fail and the client will be informed accordingly.
Precondition |
Description |
User is authenticated |
Before a session is created the user has to be authenticated, only one session can be created for one successful authentication attempt. |
User is not locked |
A user session cannot be created if the user account is locked due to repeated authentication failures. The user account can be unlocked by users with the system permission Manage users and user groups (0). |
User is active |
No user session can be created if the user account is set inactive. A user with the system permission Manage users and user groups (0) system can set a user inactive or active. |
Current date and time is within the user's validity time span |
Each user account can have a validity time span. Creating a user session is only possible if the current date is within that validity time span, or if no validity time span is set. |
User's password is not expired |
A user can still authenticate with an expired password but no session can be created. See password aging for details. |
Application Server is not closed |
The Application Server must be configured to allow new user sessions. If the server does not allow new user sessions only users having the system permission Create user session when server is closed (13) can create new user sessions. |
Table 1: Precondition that have to be met before a user session can be created.
