
Advisory: Authentication Timeout During Device Sleep Does Not Trigger Full Logout

This problem affects the following products:

  • HealthShare Unified Care Record® versions 2021.2 through 2024.1:
    • 2021.2
    • 2022.1
    • 2022.2
    • 2023.1
    • 2023.2
    • 2024.1

Requirements:

  • HealthShare Federated SSO

When a user logs in to the HealthShare clinical user interface, the application creates a browser session. If the user is inactive for a period of time that exceeds the application timeout, the following should occur:

  • the session expires.
  • the user is logged out of the application.
  • the browser redirects the user to the login page.
  • the user must log in again to continue using the application.

This application timeout defaults to 15 minutes.

Some devices, like laptops and tablets, are configured to enter a "device sleep" state for energy conservation.

If the device running the browser goes to sleep before the browser session expires, the session may not properly expire.

The effect of this defect is that, upon waking the device, the user is still logged in to a session that should have timed out due to the application timeout. On a shared device, this defect defeats the privacy risk mitigation effected by the timeout.

The correction for this defect is identified as HSIEO-11556, which is included in version 2024.2 and later product releases. It is also available for older versions via an ad hoc change file (patch) or full kit.
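The following is an added illustration of an inactivity timeout that still holds after device sleep. It is not InterSystems code and not the HSIEO-11556 correction. The advisory does not describe how the product implements the timeout, so the sketch assumes a browser-side inactivity check, and every name in it (`IdleSession`, `attach`, `onExpire`) is hypothetical. The session is judged against a wall-clock deadline on every check, so a suspended timer or the first input after wake cannot keep it alive.

```javascript
// Added illustration: idle timeout decided by a wall-clock deadline, not a countdown.
// All names here are hypothetical and are not HealthShare APIs.
const TIMEOUT_MS = 15 * 60 * 1000; // the advisory's default application timeout

class IdleSession {
  constructor({ timeoutMs = TIMEOUT_MS, now = Date.now, onExpire }) {
    this.timeoutMs = timeoutMs;
    this.now = now;             // injectable clock, so the logic can be tested
    this.onExpire = onExpire;   // e.g. clear local state, redirect to the login page
    this.expired = false;
    this.lastActivity = now();
  }

  // Call on real user input. Input that arrives after the deadline
  // (for example the tap that wakes the device) must not revive the session.
  touch() {
    if (this.check()) this.lastActivity = this.now();
    return !this.expired;
  }

  // Returns true while the session is still valid. Safe to call from a
  // periodic timer, on wake, and before every request.
  check() {
    if (!this.expired && this.now() - this.lastActivity >= this.timeoutMs) {
      this.expired = true;
      this.onExpire();
    }
    return !this.expired;
  }
}

// Browser wiring; returns null when no DOM is present.
function attach(session, intervalMs = 30000) {
  if (typeof document === 'undefined') return null;
  const recheck = () => session.check();
  // Timers do not run while the device is asleep, so re-check when the page
  // becomes visible or focused again instead of trusting the interval alone.
  document.addEventListener('visibilitychange', recheck);
  window.addEventListener('focus', recheck);
  for (const ev of ['keydown', 'pointerdown']) {
    document.addEventListener(ev, () => session.touch(), { passive: true });
  }
  return setInterval(recheck, intervalMs);
}
```

A browser-side check like this only controls what the user sees; the server should apply the same last-activity comparison before honoring any request.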