change R12 session time out

Set E-Business Suite Timeout Parameters and Profiles

An unattended PC without the screen locked poses a security risk.  Likewise, an unattended or long running E-Business Suite user session can also pose a risk.  The E-Business Suite provides many configuration parameters and profile settings to control user sessions.  I recommend reviewing these against your existing corporate policies and setting them according to our recommendations after testing their impact.  The following sections describe those items that I recommend setting.

  • ICX Timeout Profile Values
The following E-Business Suite profile options control screen timeouts for Forms, as well as Self Service sessions.  Again, please note, some of the ICX profiles also control Forms Session timeouts!  This can be confusing since Inter-Cartridge Exchange (ICX) is often associated with Self Service applications. This is no longer the case since the release of Framework for the ICX Profiles control the timeout functionality.

Parameter
Default
Recommendation
ICX:Session Timeout
None
30 (minutes)
ICX: Limit Time
4 (hours)
4 (hours)
ICX: Limit Connect
1000
2000
·         ICX:Session Timeout - This profile option determines the length of time (in minutes) of inactivity in a user's form session before the session is disabled.  Note that disabled does not mean terminated or killed.  The user is provided the opportunity to re-authenticate and re-enable their timed-out session. If the re-authentication is successful, the disabled session is re-enabled and no work is lost. Otherwise, the session is terminated without saving pending work.  This functionality is available via Patch 2012308 (included in 11.5.7, FND.E).  Note: Setting the profile value to greater than 30 minutes can drain the JVM resources and cause ‘out of memory’ errors.
·         ICX: Limit time - This profile option defines the maximum connection time for a connection – regardless of user activity.  If 'ICX:Session Timeout' is set to NULL, then the session will last only as long as 'ICX: Limit Time', regardless of user activity. 
·         ICX: Limit connect - This profile option defines the maximum number of connection requests a user can make in a single session. Note that other EBS internal checks will generate connection requests during a user session, so it is not just user activity that can increment the count. 
§         CRM Application Timeout Profile Values
CRM applications use the afore-mentioned ICX timeout profiles (ICX:Session Timeout, ICX: Limit Time, and ICX: Limit Connect), but additionally, CRM also utilizes the  JTF_INACTIVE_SESSION_TIMEOUT profile option.

Parameter
Default
Recommendation
JTF_INACTIVE_SESSION_TIMEOUT
None
30 (minutes)
JTF_INACTIVE_SESSION_TIMEOUT - This profile option affects CRM-based products only, and serves the same purpose as the ICX:Session Timeout profile. This profile option exists for legacy reasons, and its value should be set the same as ICX:Session Timeout.
  • Jserv (Java) Timeout Settings
     
Parameter
Recommendation
disco4iviewer.properties:session.timeout
5400000 (milliseconds)
formservlet.ini:FORMS60_TIMEOUT
55 (minutes)
formservlet.properties:session.timeout
5400000 (milliseconds)
jserv.conf:ApJServVMTimeout
360  (seconds)
mobile.properties:session.timeout
5400000 (milliseconds)
zone.properties:session.timeout
5400000 (milliseconds)
zone.properties:servlet.framework.initArgs
5400000 (milliseconds)
These settings are located at: ../*ora/iAS/Apache/Jserv/etc
JServ Timeout is specified by the value of the property session.timeout in the JServ configuration file zone.properties, and represents the number of milliseconds to wait before ending an idle JServ session (the default is 30 minutes).  This timeout is used by products based on Oracle Applications Framework (OAF).   
  • Apache HTTP Timeout Settings
The following parameter settings control timeout behavior within Apache.
Parameter
Recommendation
httpd.conf:Timeout
300 (seconds)
httpd.conf:KeepAliveTimeout
15 (seconds)
httpd.conf:SSLSessionCacheTimeout
300 (seconds)
These settings are located: ../*ora/iAS/Apache/Apache/conf
  • Forms 60 Environment Timeout Variables
The following parameter settings control timeout behavior within Oracle Forms.
Parameter
Recommendation
FORMS60_TIMEOUT
55 (minutes)
FORMS60_CATCHTERM
0
You should modify the APPL_TOP/.env setting to include the following settings:
FORMS60_CATCHTERM=0
FORMS60_TIMEOUT=55 (minutes) 
I recommend using a timeout value of 55 because it is less than the 60 minute value recommended for the web apache timeout values.  Note that these values may vary depending on security policies.
  • Oracle Single Sign-On Server Timeouts
The following parameter setting controls timeout behavior within Oracle Single Sign-On. 
‘Single Sign-On Session Duration’ represents the number of hours a user can be logged in to the server without being timed out and having to log in again. This timeout value can be specified from the "Edit SSO Server Configuration" link on the SSO Server Administration page.  When a user logs in to Release 11i via the Single Sign-On Server, an SSO login session is created and remains valid for the duration specified by this setting. 



No comments:

ORA-01552: cannot use system rollback segment for non-system tablespace 'TEMP'

 ORA-01552: cannot use system rollback segment for non-system tablespace "string" Cause: Used the system rollback segment for non...