Question
Branch Banking and Trust Company
US
Posted: Aug 6, 2025
Last activity: 17 Aug 2025 23:00 EDT
Corrupted User session and pxSessionTimeout
Background: The WPI Application Portal Header has pxSessionTimeout set to a 5-minute warning and a 20-minute timeout.
Step 1: On 07/31/25, User A logs into the systems on the office network, then disconnects from the laptop while her/his session is active; there is no logout event for 07/31/25.
Step 2: User A goes home and connects to her/his VPN network on 08/01/25 and accesses the session from yesterday. The user is able to access the session, but with a different user portal, and the thread details are also corrupted.
Note: A user having access to another user's portal is projected as a compliance issue.
@DeepakJ05
This issue is happening because the old session from 07/31 was never properly closed, so when the user reconnects through VPN the next day, the server reuses that stale session data. Since pxSessionTimeout only controls the inactivity warning and logout, it doesn’t clear a disconnected session without a logout. To fix this, you should ensure sessions are force-terminated when the laptop disconnects, either by configuring a short idle timeout at the load balancer/application server or by enabling “Terminate existing session on new login” in the authentication service. Another option is to clear server caches for expired sessions by using dynamic system settings related to timeout and invalid session handling. It’s also important to review your AccessGroup and portal mapping rules to make sure that an expired session cannot default to another user portal. In regulated environments, enabling SSO re-authentication on each login is a safer approach to prevent compliance issues. Finally, advise users to log out instead of just disconnecting to avoid leaving sessions orphaned.
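The server-side checks the answer above points toward, as an added example that is not part of the original thread and is not Pega code: each request is validated against an idle timeout, an absolute lifetime, and the identity the session was issued to, and any failure destroys the session instead of falling back to other data. The `SessionStore` class, the 10-hour absolute lifetime, the operator names and the timestamps are assumptions constructed for illustration; only the 20-minute idle value comes from the question.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta

IDLE_TIMEOUT = timedelta(minutes=20)      # the 20-minute timeout from the question
ABSOLUTE_LIFETIME = timedelta(hours=10)   # assumption: hard cap on total session age

@dataclass
class Session:
    operator: str        # identity the session was issued to
    created: datetime
    last_seen: datetime

class SessionStore:
    """Hypothetical store; the idle check runs on the server at request time,
    so it still fires when the browser-side timer never ran (laptop disconnected)."""
    def __init__(self):
        self._sessions = {}

    def create(self, session_id, operator, now):
        self._sessions[session_id] = Session(operator, now, now)

    def validate(self, session_id, authenticated_operator, now):
        """authenticated_operator is the identity asserted by the current login/SSO."""
        s = self._sessions.get(session_id)
        if s is None:
            return False, "unknown_session"
        if now - s.last_seen > IDLE_TIMEOUT:
            reason = "idle_timeout"
        elif now - s.created > ABSOLUTE_LIFETIME:
            reason = "absolute_lifetime"
        elif s.operator != authenticated_operator:
            reason = "identity_mismatch"
        else:
            s.last_seen = now
            return True, "ok"
        del self._sessions[session_id]    # fail closed: force re-authentication
        return False, reason

def replay_timeline():
    """Constructed timeline mirroring the question: login 07/31, resume 08/01."""
    store = SessionStore()
    store.create("s1", "userA", datetime(2025, 7, 31, 16, 0))
    results = [store.validate("s1", "userA", datetime(2025, 7, 31, 16, 10))]
    results.append(store.validate("s1", "userA", datetime(2025, 8, 1, 9, 0)))
    results.append(store.validate("s1", "userA", datetime(2025, 8, 1, 9, 1)))
    store.create("s2", "userA", datetime(2025, 8, 1, 9, 5))
    results.append(store.validate("s2", "userB", datetime(2025, 8, 1, 9, 10)))
    return results
```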