Try OpenEdge Now
skip to main content
Customization Guide
Customizing Login pages using BPM Sign-on API : Reviewing session expiry scenarios

Reviewing session expiry scenarios

An HTTP session maintained between the browser and a domain can expire after a certain amount of idle time. There are three possible scenarios:
*Scenario 1: The session with WebApp<i> has expired, but not BPM Sign-on session0. In that case, the user is still considered logged in. If the user tries to access the pages under WebApp<i>, session<i> is transparently created.
*Scenario 2: The session0 with BPM Sign-on domain has timed-out, but not session<i>. The user can still navigate within the WebApp<i> domain. However, when the user tries to access protected WebApps whose sessions have timed out, the third scenario needs to be considered.
*Scenario 3: The session0 and session<i> are invalid. Then the user is considered to be logged out from the global domain, and the next time he tries to access another link, he will be directed to the single sign-on Login page.