SAP Knowledge Base Article - Public

1800435 - Changed frontend behavior due to introduced session-timeout (security)

Symptom

After an inactivity period of 60 minutes a message is displayed offering to prolong the session. The message adds a courtesy buffer of 5 minutes.
The confirmation will reset the timeout counter again and would count up to 60 minutes. Every interaction with the SAP system will reset this counter as well.
Session will be terminated, if the defined time frame has passed without any activity.

Environment

SAP Business ByDesign

Reproducing the Issue

A timeout is not an issue but a security requirement.

Cause

Common data protection and privacy requirements demand for this session handling.
In alignment with SAP Security officials, session-timeouts of 60 minutes are defined for OnDemand products.

Resolution

SAP follows the principles of data consistency and data security first.
This system behavior will ensure best security and privacy practice.

Keywords

session-timeout, session, ByD, inactvity, compliance, security , KBA , time out , session , pause , session non valide , session arrêtée , session expirée , session suspendue , session no longer valid , session no valida , sesión expiro , 60 min , connexion coupée , 60 minutes , connectivité , conexión , arrêt , auto logoff , login session expired , log on again , desconectado , déconnexion , déconnecter , expired , AP-RC-UIF-RT-B , ByD HTML5 Client (not for Cloud for Customer) , How To

Product

SAP Business ByDesign all versions