Session management in Blackboard Learn

When a user logs into Blackboard Learn, a session is created. This session is what allows the user to continue to access the application uninterrupted. As long as the session is active, the user can continue to use the system without logging in again.

This session will continue to be active as long as the user continues to interact with the application. The user's session will be timed out if they don't click within Blackboard Learn and are inactive for a certain timeframe. When the user attempts to access the Blackboard Learn system again, they will be prompted to log in.

Special considerations for custom single sign-on (SSO) authentication providers

If you use custom single sign-on (SSO) authentication providers such as CAS or SAML for your Blackboard Learn environment, two separate sessions are created and used when a user logs in with that provider: one for the SSO session and one for the Blackboard Learn session. These sessions are independent and may have different expiration timeframes. The SSO session is commonly configured to have a longer lifetime than the Blackboard Learn session, but this could vary depending on the installation.

You can configure a Blackboard Learn logout to trigger a SSO session logout. This is known as a single logout. Without this configuration, when a user logs out of Blackboard Learn, that action will only stop the Blackboard session. The SSO session remains active, so the user's web browser may still have access to other SSO applications or even Blackboard Learn again. If single logout is configured, both sessions will be destroyed at the time of logout and the user will need to log in again to access any SSO application.

Most SSO solutions are configured to destroy the session token and effectively stop the user's session when the browser is closed. To protect user security, we recommend that you advise your users to close their browsers when using any SSO solution, regardless of whether you use one with Blackboard Learn.

Session timeout warning for Original Course View

When a user is idle for over three hours the session ends. A user must login again to continue to use Learn. If a user saves a page or selects a button, the session refreshes and stays active for three more hours. There can be times a user is working but considered idle.

This happens because the browser is not sending data to Learn. Some examples are when a user is:

  • authoring a Discussion Board post,
  • authoring an Assignment submission in the text editor in Learn, or
  • creating a Content Item.

Users whose session is ending soon will receive a warning. This warning will appear at least six minutes before the session times out. If the user closes the warning before the session ends, the session will extend for three more hours. The goal is to help users who have been authoring for an exceptionally long time not to lose their work.

A user away from the computer for an extended time will receive the warning. Yet the user will not be able to extend their session. When the user closes the warning, they will return to the current page instead of returning to the login page. This allows the user to copy anything authored before it is lost. A user in this situation will redirect to the login page when they select any link or button on the page.

Image 1. Session Expiring Soon warning

Session expiring soon warning modal message

For a user who was away from their computer for a long time it will be unclear when the warning appeared. Thus, the user will not know if the session renewed or not.