UnifiedLogon User Session Structure
KB Artcile # 2682
Arnica UnifiedLogon maintains user sessions using two different data sets: global session and application-specific micro session.
Global user session data maintains application-independent properties of user session :
- Start date - date of first user request in the context of current user session
- Finish date - projected date of global session timeout
- Validation date - date of last request, made in the context of current session (from any application)
- Renewal date - date when user successfully logged on to renew a previously expired session
Application micro session properties are specific to session activity made from a particular application:
- Start date - date of first request made from the application
- Validation date - date of last request made from the application
The first user request creates a global session as well an application micro session, corresponding to the application, from which the request was made:
Subsequent request from the same application prolongs global session timeout and updates both global session and application micro session validation dates:
When a new request is made in the context of the same session from a different application, a new application session is created:
In the example below, request is made from a third application, however, in this example, timeout of application 2 is larger than timeout configured for application 3. Thus, the global finish date stays intact and is not changed by the activity created from application 3. The global session finish date value can be only increased by any subsequent activity:
Session validation is always performed in the context of a particular application. For the session to be considered not expired, the current date should be less or equal to the projected timeout of the application-specific micro session of the application. Projected micro session timeout is calculated by adding the timeout value configured for the application to the validation date value of the corresponding micro session.
If application is configured as "trusting global session", then projected micro session timeout is calculated by adding the timeout
value configured for the application to the validation date value of the global session.
The finish date property of the global session is not used during session validation process to calculate whether the session is valid or not; it is used for session analysis and reporting purposes only.
Arnica UnifedLogon Administrator module provides session reporting and analysis tools. Below is an example of the session analysis page: