Configuring the action after a Mid Tier session timeout

You can receive a Mid Tiersession timeout notification five minutes before the session timeout. This notification helps you to extend the Mid Tier session and avoid an abrupt session timeout.

When the session times out, the form data is cleared. If you click OK on the session timeout pop-up, and if the BMC Helix Single Sign-On session times out, the page is refreshed and you are redirected to the BMC Helix Single Sign-On login page.

 This functionality prevents unnecessary data exposure.

To enable this functionality, in the Centralized Configuration, set the following parameters to True:

Related topics

Configuring-the-Mid-Tier

Accessing-the-Mid-Tier-Configuration-Tool

You receive the session timeout notification on all open tabs for that session. The session timeout notifications are localized. If you are working on multiple forms, and you receive a notification, click OK on the notification dialog box of any form to continue the session.


Scenario: Maintaining the security of confidential information after a Mid Tier session timeout

At Apex Global, Laura is part of the payroll team, managing confidential salary information.

While Laura was away from her desk, the Mid Tier and BMC Helix Single Sign-On sessions timed out. The data from the application form she worked on is cleared, and the session is redirected to the BMC Helix Single Sign-On login page.


Enabling the Mid Tier timeout notification

A prior notification about the Mid Tier session timeout helps to extend the session. 

Set the arsystem.show_session_timeout_popup parameter in the Centralized Configuration to True and enable the session timeout notification. For more information, see arsystem.show_session_timeout_popup

When you enable the session timeout, the following message is displayed before the session timeout:

23_3_03_Mid-Tier-Session-Timeout.png

However, if you click the cross button (23_3_03_Browser_cross.png) in the browser, you are not redirected to the log in page but the form data is cleared.


Mid Tier session timeout behavior in a BMC Helix SSO-enabled and non-enabled environment

How does the Mid Tier session timeout work in a BMC Helix SSO-enabled environment?

In a BMC Helix Single Sign-On enabled environment, Mid Tier session is renewed until the BMC Helix Single Sign-On session times out.

However, when the BMC Helix Single Sign-On session times out, the Mid Tier session becomes invalid and you are redirected to the BMC Helix Single Sign-On login page.

This functionality prevents unnecessary data exposure.

(On-premises only) How does the Mid Tier session timeout work when BMC Helix SSO is not enabled?

When your environment does not include BMC Helix Single Sign-On, a session times out with Mid Tier session timeout. In this case, you are redirected to the Mid Tier login page.

However, the form data is cleared to prevent unnecessary data exposure.

You can track the Mid Tier session timeout in Mid Tierlogs. For more information, see Mid-Tier-logging.


 

Tip: For faster searching, add an asterisk to the end of your partial query. Example: cert*