4 Replies Latest reply: Sep 17, 2013 11:29 AM by Jeremy Treague RSS

    How to expire EBS user sessions on shared workstations/kiosks

    Jeremy Treague

      My organization is using Oracle Applications Release 12.1.3.


      Recently we have deployed several shared kiosks to multiple internal locations which our employees use to access information within Oracle Applications, including pay advice and compensation information.


      One challenge we are facing is that if a user accesses his/her personal information (such as pay stub details) and then browses to another web site (such as weather.com) without logging out of EBS, the user's session cookie remains active.   Another user can then go to the kiosk, press the browser "back", and is able to see the prior user's confidential information.


      One way we are trying to avoid this is by training users to always log off of EBS, using the "logout" hyperlink which expires the user's EBS session and prevents the next user from being able to access his/her information using the browser "back" button. However we can't always count on this.


      I would like to know if other companies have put other controls or measures in place to forcefully expire a user's EBS session in cases where the user doesn't click the "logout" hyperlink (such as if going to another web site or simply closing the browser window).  Greatly appreciate any feedback or recommendations from the community on this topic.  It seems as though it is a common challenge for companies using shared kiosks / workstations within their organizations.