Cognos Analytics

  • 1.  During assessment, it has been observed that the user session does not expire when left idle for 15 minutes.

    Posted 8 hours ago

    Has anyone been hit with this during your scans? We were told with SSO there is no workaround and we submitted an enhancement request years ago. We tried this with MFA using IdP and it still does not take you back to the login screen. Cognos doesn't prompt for a new login. Any recommendations or explanations you may have used to pass your internal audits?

    CWE-613: Insufficient Session Expiration

    The application did not invalidate the user session after 15 
    minutes of inactivity. Keeping the session valid for a longer
    period of time increases the chances of it being stolen, hijacked,
    or replayed. It can also lead to the unauthorized disclosure of
    sensitive information displayed within the browser window.



    ------------------------------
    James Hicks
    ------------------------------


  • 2.  RE: During assessment, it has been observed that the user session does not expire when left idle for 15 minutes.

    Posted 5 hours ago

    Hi James,

    In IBM Cognos Configuration, you need to change from Explorer pane, in Security / Authentication:

    to

    900 (instead of 3600). Save and restart Cognos Analytics.

    If you are a supported customer, I guess you need to contact IBM Support.

    Best regards,



    ------------------------------
    Patrick Neveu
    BSL Consulting
    IBM Champion
    ------------------------------



  • 3.  RE: During assessment, it has been observed that the user session does not expire when left idle for 15 minutes.

    Posted 3 hours ago

    Thanks. We did that, but our compliance folks are requiring that the login screen shows up after timeout and requires the user to re-do their credentials. Currently it does time out, but Cognos is passing the credentials behind the scenes and reverting back to the screen they were currently on.

     

    Jim Hicks

    Product Manager

    Community Core

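
A generic model of the behaviour described in this thread, added here as an illustration (it is not code from any poster or from Cognos Analytics): the application's idle timeout invalidates its own session, but a still-valid IdP session lets the next request re-authenticate without showing a login screen. Only the 900-second timeout comes from the thread; the class names, the 8-hour IdP lifetime and the `force_reauth` switch are assumptions.

```python
# Added illustration: generic SSO session model, not Cognos Analytics code.
from dataclasses import dataclass

APP_IDLE_TIMEOUT = 900            # seconds; the value suggested in the thread
IDP_SESSION_LIFETIME = 8 * 3600   # assumed lifetime of the IdP's own SSO session

@dataclass
class IdP:
    authenticated_at: float       # time of the last interactive login at the IdP

    def authenticate(self, now, force_reauth=False):
        """Return True if the user had to be prompted for credentials."""
        sso_alive = now - self.authenticated_at < IDP_SESSION_LIFETIME
        if sso_alive and not force_reauth:
            return False          # silent SSO: assertion issued, no prompt shown
        self.authenticated_at = now
        return True

@dataclass
class App:
    idp: IdP
    # Hypothetical switch standing in for a forced re-authentication request
    # (for example SAML ForceAuthn or OIDC prompt=login).
    force_reauth_on_timeout: bool
    last_activity: float = 0.0
    session_id: int = 1

    def request(self, now):
        """Return 'ok', 'silent-relogin' or 'login-prompt' for one request."""
        if now - self.last_activity < APP_IDLE_TIMEOUT:
            self.last_activity = now
            return "ok"
        # Idle timeout reached: the old application session is invalidated and
        # a new one is created only after going back to the IdP.
        self.session_id += 1
        prompted = self.idp.authenticate(now, self.force_reauth_on_timeout)
        self.last_activity = now
        return "login-prompt" if prompted else "silent-relogin"

def simulate(force_reauth, idle_seconds=1000):
    """One request at t=60 s, then another after idle_seconds of inactivity."""
    app = App(IdP(authenticated_at=0.0), force_reauth)
    first = app.request(60)
    second = app.request(60 + idle_seconds)
    return first, second, app.session_id

if __name__ == "__main__":
    print("timeout only:        ", simulate(force_reauth=False))
    print("timeout + forced auth:", simulate(force_reauth=True))
```

In both runs the application session is replaced after the timeout; what differs is whether the user sees a login prompt, which is the distinction the compliance requirement in the thread turns on.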