Skip to Content
Author's profile photo Onkar Velhal

Session Management Bible

There are few basic concepts which impact Session management in Business Objects:

1. Logon Token

This is created by the application ( both InfoView and CMC) when the users first log into the system. 

The expiry for this token is eight hours. Configuring the token duration is not supported. 

Configuring whether to use this token is optional (enabled by default (true)). When this token is used the user will be silently logged back on to the system for the lifetime of the token.

2. Web Session (Http Session/ Tomcat Session)

Lifetime of the web session is defined in the web.xml of each web-app (InfoViewApp.war, InfoViewAppActions.war, PlatformServices.war, AR.war and so on).

The default time-out value for each web-app is 20 minutes.

It is strongly recommended that when updating the time-out value for 1 web-app that all other web-apps are updated to an equal value.

3. Enterprise Session

InfoView will ping the Central Management Server (CMS) every two to three minutes.

The enterprise session will stay active for 10 minutes past the last ping from the client. 

4. CMS Failover Token

The default time-out is 30 minutes. This value can be configured through the CMS command line but it is strongly recommended that this value is not updated. Other BOE servers and applications use this value therefore updating this may produce unexpected timeout behavior.

Please Note that after the web session has timed out the silent logon does not return the user to their previous state.

Other impacts on Business Objects session management

There are additional processes that impact the session management.
The first is that the client pings the CMS every two to three minutes to keep the enterprise session alive.

When the web session has terminated this ping stops. At this point the enterprise session will wait for a period of 10 minutes. This is described as the idle time-out period.

Following the 10 minute idle time-out period there is an additional period of zero to 10 minutes (this process runs every 10 minutes) while the enterprise session is invalidated.

Once the enterprise session has been invalidated the current CMS enterprise session is returned (CMS session count drops).

Important Point:

It is recommended that the Idle Session Timeout value always exceeds the ping time.

Therefore the minimum recommended value for the Idle Session timeout is four minutes.
Once the enterprise session has been invalidated the CMS failover token will time-out after 30 minutes.
To summarize: Once the web session has terminated (timed out) there is an additional 50 minutes on the CMS before the user is actually timed out.

This assumes that the Default Token is disabled. If the default token has been enabled the user will be silently logged back on after this point (up to the lifetime of the default token – eight hours from when the user originally logged on).

User activity that interacts with the server during the 50 minutes period will re-create the enterprise session. In the users perspective they would be silently logged on to InfoView, even with the default token disabled.

The user will see some loss of state as this stored in the previous web session.

Web Session time-out (in .war file(s)) = 20 minutes
Logon Token = disabled
1. After 20 minutes of in activity the client stops pinging the CMS.   State information will be lost at this point.
2. Enterprise session stays alive for a period 10 minutes after last ping.
3. The enterprise session is invalidated after a period of 0-10 minutes. At this point the CMS session count drops.
4. The CMS Failover token times out after 30 minutes.
5. The InfoView user experiences the time-out after a total of 70 minutes.


BusinessObjects Enterprise XI 3.0 – InfoView and Central Management Console Session Management

Some Discussions:

Sessions remaining active in CMC

CMC Sessions – what constitute a session?

Sessions refresh in CMC not working properly

CMC Sessions

Multiple Sessions in CMC for the same user

CMC sessions shows that Administrator has 2 sessions

How to change session timeout settings in BO BI 4.1 SP1 for both launchpad and CMC

In Crystal Server CMC, how do I release session licenses?

Sessions kill and timing BI 4.0

Please feel free to comment and add more value to this post.



Assigned Tags

      You must be Logged on to comment or reply to a post.
      Author's profile photo Rahul Verma
      Rahul Verma

      Good Start Onkar.

      Author's profile photo Former Member
      Former Member

      Hi Onkar ,

      Thanks for sharing this info.

      Could you please tell if this is applicable for BO 4.0.

      If not could you please share same sort of documentation on BO 4.0

      Regards ,


      Author's profile photo Onkar Velhal
      Onkar Velhal
      Blog Post Author

      Hi Abhinav,

      Yes this is applicable for BI 4.x. Conceptually, everything remains the same.

      However, if you need to change settings for default web applications the file structure is somewhat changed. You can find steps in Admin guide for the same.

      Note: BI 4.1 SP3 gives administrators leverage to kill any sessions from CMC> Sessions page. 😉



      Author's profile photo Former Member
      Former Member

      This is great stuff. I just have one question:

      I am maintaining an integration that uses the Java API to issue login tokens via Trusted authentication. We use the enterprise session to logon with a token, and I am thinking we should ping the CMS like InfoView does. Do you know how to do that with the Java API? Can we just do any method call that contacts the CMS (like getServiceNames())?

      Author's profile photo Onkar Velhal
      Onkar Velhal
      Blog Post Author

      I don't know much about Java API however, you can post same question in Java SDK community here:

      Java SDK Application Development

      Thank you.


      Author's profile photo Former Member
      Former Member

      Thanks, I'll do that.

      Author's profile photo Former Member
      Former Member

      Hi ,

      We are intermittently getting following error while browsing dashboards in BO 4.1 SP5 FP1 system:

      "Failover logon: logon should be retried, either the session exists on a different CMS or another thread of this CMS won in creating the session"

      Any idea what this error can relate to?



      Author's profile photo Onkar Velhal
      Onkar Velhal
      Blog Post Author

      I presume that you have a clustered environment.

      Failover logon would come into picture if user doesn't explicitly click on logoff. i.e the session was kept idle until timeout. If you try to login again the enterprise should log you in successfully.

      However, in a clustered environment the connection from client could be broken which should ideally mean that you should login.

      You can try following:
      If the dashboard is based on web service, increase session timeout in file for dswsbobje application (tomcat).

      Check if similar issue is observed using a single CMS.

      Add host file entries to all BI CMS server on client machines, reboot and try again.
      If this happens frequently you can trace CMS and check the logon request.

      In all cases relogin should work.

      Hope this helps.