Redbex Reference Manual - User session expiration

Zoom Window Out
Larger Text | Smaller Text
Hide Page Header
Show Expanding Text
Printable Version
Save Permalink URL

Navigation: Application Server > Common services > User sessions

User session expiration

The Application Server cannot trust that all user sessions are closed by a log out. Clients might just forget to log out, might crash, loose internet connection etc. To still keep a valid record of open user sessions the Application Server implements a mechanism for session expiration. This mechanism is also important since your license might restrict the number of concurrent user sessions, Clients that fail or forget to log out would use up your allowed number of concurrent connections quickly.

Depending on how long ago the a user session was last used to query the Application Server the session is classified into different states. Table one lists these states and their meaning. When the Application Server receives the request to create a new user session the state of existing user sessions will be evaluated and idle or abandoned sessions might be closed, according to the logic described below.

State	Meaning
Active	A session is active if it was used for a request to the Application Server within the session idle time span negotiated between Client and Server.
Idle	A session is considered idle if it was not used for a request to the Application Server within the session idled time span negotiated between Client and Server but if the user session was used within the time span specified with the global setting User session abandoned threshold Idle user sessions might be closed by the Application Server if another user requests a new user session but the license does not allow more concurrent user sessions.
Abandoned	A session is considered as abandoned if it was not used within the time span specified in the global settings. Abandoned user sessions will be closed by the Application Server automatically.

Table 1: States for open user sessions

When a user tries to create a new user session (during login) the Application Server first closes all abandoned sessions. Then the Application Server counts the number of sessions in active or idle state and if this number is less than the allowed number of concurrent connections specified by the currently installed license the user session can be created (if all other conditions for session creation are met, see chapter Preconditions for user session creation for details).

If the Application Server detects that the currently installed license does not allow the creation of another (concurrent) user session it will automatically close the the user session that has been idle for the longest time. If there are no idle user sessions the Application Server will not create a new user session.

Each user session stores the timestamp when it was last used and the time span it is allowed to be idle. The time a session is allowed to be idle is given in seconds and defaults to the value of the global setting User sessions & security: Default User session timeout [s] when the session is created. However the client can negotiate another timeout value somewhere between 300 seconds and the value defined by the global setting User sessions & security: Maximum allowed user session timeout [s]. If the client tries to set a longer idle time it will be set to User sessions & security: Maximum allowed user session timeout [s] automatically. If the client tries to set a shorter allowed idle time, the idle time will be set to 300 seconds.

Changing the global setting User sessions & security: Default User session timeout [s] and User sessions & security: Maximum allowed user session timeout [s] will only affect sessions created thereafter.