IBM Support

CDM Session timeout

Technote (troubleshooting)


User has left their CDM session idle for some time and are required to log back on.

Below is error logged into the AllErrors.log

This TN describes the default timeouts for CDM sessions. Caution should be exercised before changing these settings.


920 [8] ERROR Ibm.CognosDM.Services.Exceptions.CdmErrorHandler - (null) Error Code: 'CoreSecurityTokenIsInvalid'. Exception Token: 'b288d72c-82c1-46c3-a276-de56c200efd4'.Security token must be renewed. Action: '' ? ? ? Ibm.CognosDM.BusinessLogic.Security.Authentication.AuthenticationException: Error Code: 'CoreSecurityTokenIsInvalid'. Exception Token: 'b288d72c-82c1-46c3-a276-de56c200efd4'.Security token must be renewed. Action: ''
at Ibm.CognosDM.BusinessLogic.Security.Authorization.SecurityTokenAuthorizationBusinessLogic.AuthorizeUserSessionInternal(UserSession userSession)
at Ibm.CognosDM.BusinessLogic.Security.Authorization.SecurityTokenAuthorizationBusinessLogic.AuthorizeSecurityToken(String securityToken)
at Ibm.CognosDM.Services.CustomHeaders.SecurityToken.SecurityTokenBehaviorAttribute.SecurityTokenMessageInspector.AuthorizeSecurityToken(String securityToken)
at Ibm.CognosDM.Services.CustomHeaders.SecurityToken.SecurityTokenBehaviorAttribute.SecurityTokenMessageInspector.AfterReceiveRequest(Message& request, IClientChannel channel, InstanceContext instanceContext)
at System.ServiceModel.Dispatcher.ImmutableDispatchRuntime.AfterReceiveRequestCore(MessageRpc& rpc)
at System.ServiceModel.Dispatcher.ImmutableDispatchRuntime.ProcessMessage2(MessageRpc& rpc)
at System.ServiceModel.Dispatcher.MessageRpc.Process(Boolean isOperationContextSet)


User has reached the idle session timeout

Resolving the problem

CDM includes two settings related to user session expiration.
In the Config\CDM.config file on the server, you can find the following section:

<SessionExpiration enabled="true" timeAfterLogOn="1.00:00:00" acceptedIdleTime="02:00:00" />

- The "timeAfterLogOn" setting is the time after log on for which a session is valid, regardless of user activity. After this time expires, you must log in again. Default setting is 1 day (24 hours).
- The "acceptedIdleTime" setting is the time of inactivity after which the session expires. Default setting is 2 hours.

The format for both settings is "[d.]hh:mm:ss", where [d.] is the optional number of days.
1 day = 24 hours: 1.00:00:00
12 hours: 12:00:00
5 minutes: 00:05:00

IMPORTANT: The two settings are related to the security of the user session. You should only change them when they get in the way of a business scenario. Even in this case, do not make them bigger than necessary for the specific business scenario you want to allow (e.g. if you want the session to not expire in case of a long lunch break, set the "acceptedIdleTime" value to 3 hours).

Document information

More support for: Cognos Disclosure Management
Cognos Disclosure Management

Software version: 10.2, 10.2.1

Operating system(s): Windows

Reference #: 1642987

Modified date: 04 July 2013

Translate this page: