Execution Cycle: User Session Management

The illustration and table that follow describe the process of session management from a user attempt to log into the Lawson system through log-out (or automatic system timeout).

Illustration: User session process
Step # What is Happening
0 A user successfully authenticates to the Lawson system via St as STS (Lawson Server) or Kerberos (on Sharepoint).
1 The authenticating server sends credentials to SSO via HTTP.
2 SSO creates a unique identifier for the session which is stored on the user's browser.
3 (on-going)

Ongoing: SSO performs session management functions.

  • If the user logs out but does not close the browser, the session remains active for a number of hours. Eventually, the session times out and the identifier is invalidated.

  • If the user leaves the session open but is not active, the session eventually times out and the identifier is invalidated.

  • If the user closes the browser at any time, the identifier is removed.