We handle browser sessions across all dealer tools the same way that Google handles access to their applications (e.g. myaccount.google.com, Gmail, YouTube, Google Docs, Google Search, etc.).
When you attempt to access one of the dealer tool applications directly, the application attempts to locate an active browser session for the last validated user.
- If a valid browser session DOES exist, you are immediately logged into the application with the last validated account.
- If a valid browser session DOES NOT exist, the application you are attempting to access forces you to validate against the SSO controller application (i.e. BioGuard UserAdmin or myaccounts.google.com).
When switching from App A to App B using the BioGuard Waffle Icon, user validation follows a very similar process:
The new application (App B) that you are attempting to access determines if there is an active browser session already available (last validated user):
- If a valid browser session DOES exist, you are immediately logged in with the last validated account associated with that browser session. This is key! If the last validated user stored in the session variable for App B is NOT the account you accessed App A with, you are automatically logged in with the user that is validated for App B. Web browsers prevent the existing browser session from being destroyed programmatically by a new incoming browser session. This is just the way web browser sessions work!
- If a valid browser session DOES NOT exist for App B, the application falls back to the SSO controller application to determine if the user has permission to access App B. If permission is granted, a new browser session is created for App B.
How BioGuard’s browser sessions are destroyed:
- The session expires
  - Test Station Account: expires/destroyed after 24 hours of inactivity
  - Manager/Admin account: expires/destroyed after 1 hour of inactivity
- Manually logging out of EACH individual application.
Note: Logging out of App A destroys the session variable for App A. App B is left untouched until its session expires or is destroyed by manually logging out of App B.
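The behaviour described above can be modelled in a few lines. This is an added example, not BioGuard's code: it simulates one shared browser, the per-application session check, the fall-back to SSO, the inactivity limits and per-application logout. The account names, app names, role labels and permission table are made up for illustration.

```python
from dataclasses import dataclass

HOUR = 3600
# Inactivity limits from the page; the role keys are made-up labels.
IDLE_LIMIT = {"test_station": 24 * HOUR, "manager_admin": 1 * HOUR}

@dataclass
class Session:
    user: str
    role: str
    last_seen: int  # seconds

def access(jar, app, now, sso_user, perms):
    """jar: this browser's {app: Session}. sso_user: (user, role) currently
    validated at the SSO controller, or None. Returns the user logged in."""
    s = jar.get(app)
    if s and now - s.last_seen <= IDLE_LIMIT[s.role]:
        s.last_seen = now
        return s.user              # existing app session wins over sso_user
    jar.pop(app, None)             # missing or expired: fall back to SSO
    if sso_user is None or app not in perms.get(sso_user[0], set()):
        return None                # must validate at SSO / no permission
    jar[app] = Session(sso_user[0], sso_user[1], now)
    return sso_user[0]

def logout(jar, app):
    jar.pop(app, None)             # destroys the session for this app only

def shared_pc_scenario():
    jar = {}
    perms = {"station1": {"AppB"}, "admin1": {"AppA", "AppB"}}
    station, admin = ("station1", "test_station"), ("admin1", "manager_admin")
    out = [access(jar, "AppB", 0, station, perms)]        # station opens App B
    out.append(access(jar, "AppA", 600, admin, perms))    # admin opens App A
    out.append(access(jar, "AppB", 660, admin, perms))    # admin switches to B
    logout(jar, "AppA")
    out.append(sorted(jar))                               # App B untouched
    logout(jar, "AppB")
    out.append(access(jar, "AppB", 720, admin, perms))    # now a fresh session
    out.append(access(jar, "AppB", 720 + 61 * 60, None, perms))  # idle > 1 h
    return out

if __name__ == "__main__":
    print(shared_pc_scenario())
```

The third result is the case that causes confusion on a shared PC: the admin switches to App B and is logged in as the test station account, because that session is still valid.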
Summary:
- The only ways to destroy a browser session are to manually log out OR let it expire.
- Browser sessions are a good thing. They allow us to keep users from having to log in to each application every time they access that application.
- Browser sessions are confusing because they are unique to each application. This allows User A to be logged in to App A and User B to be logged in to App B at the same time.
- This is a standard SSO practice. There is really no way to program around this UNLESS we are willing to inconvenience our users by forcing them to log in to each application whenever they switch apps.
- For most dealers, this will be most noticeable during the setup process (switching between admin and test station accounts).
- Moving forward, this may cause additional confusion as more apps are added to the BioGuard Tools environment, especially with smaller dealers whose main/only computer is their ALEX computer.
Recommendations:
- Ideal: Admins and Managers should access the various apps from their own work computer. Leave the ALEX Test Stations for test station accounts only.
- The ideal scenario may not be possible for all dealers. If this is the case, recommend that Admins and Managers access the BioGuard Tools from one PC and leave the ALEX Test Station PCs for test station accounts only. Since Admin and Manager sessions expire after 1 or 2 hours, there is less of a chance they will run into the confusion. They do need to be aware that if an admin and a manager log in immediately after one another, they should be sure to manually log out of any applications they accessed.
- Last Resort: 1 PC shared by all accounts. In this scenario, dealer admin and managers need to be 100% aware that they should LOGOUT of each application after use.
- Advanced ONLY option. Do not suggest this option to non-technical dealers. In my opinion this is much more confusing than simply telling a dealer to log out of each app after they access it with an admin or manager account. If the dealer is computer savvy and you feel they have an understanding of the Google Chrome browser and its user account capabilities you can suggest this as an option. IMPORTANT: We will not set this up for dealers. If a dealer does not understand the concept below, they should not be attempting it.
  - Set up a Google account for each user (including test station users) and associate it with each user’s email address. Example: set up a Google account and associate it with [email protected]. Set up a Google account and associate it with [email protected]. Rinse and repeat for each BioGuard account.
  - Add each account created to the Google Chrome People section (Settings » People » Add Person)
  - Before accessing any dealer tools, the dealer should instruct their employees to switch to their Google account inside the browser (Click Name in top right » Switch Person » Login to Google account – see below)
  - This will create a new browser instance. All session variables created inside this instance will be associated with that Chrome user’s browser instance.