Skip to content
Pesquise para saber mais sobre produtos e soluções da InterSystems, oportunidades de carreira e muito mais.

Advisory: Authentication Timeout During Device Sleep Does Not Trigger Full Logout

This problem affects the following products:

  • HealthShare Unified Care Record® versions 2021.2 through 2024.1:
    • 2021.2
    • 2022.1
    • 2022.2
    • 2023.1
    • 2023.2
    • 2024.1

Requirements:

  • HealthShare Federated SSO

When a user logs in to the HealthShare clinical user interface, the application creates a browser session. If the user is inactive for a period of time that exceeds the application timeout, the following should occur:

  • the session expires.
  • the user is logged out of the application.
  • the browser redirects the user to the login page.
  • the user must log in again to continue using the application.

This application timeout defaults to 15 minutes.

Some devices, like laptops and tablets, are configured to enter a "device sleep" state for energy conservation.

If the device running the browser goes to sleep before the browser session expires, the session may not properly expire.

The effect of this is defect is that upon waking the device, the user is still logged in to a session that should have timed out due to the application timeout. On a shared device, this defect defeats the privacy risk mitigation effected by the timeout.

The correction for this defect is identified as HSIEO-11556 which is included in version 2024.2 and later product releases. It is also available for older versions via ad hoc change file (patch) or full kit.

RELATED TOPICS

Latest Alerts & Advisories

out. 07, 2025
Risk Category & Score Explicit Requirements DP-442892 InterSystems IRIS® data platform InterSystems IRIS® for Health HealthShare® Health Connect versions 2023.3.0, 2024.1.0 – 2024.1.3, 2024.2.0, 2024.3.0, and 2025.1.0 HealthShare® Unified Care Record versions 2024.2 and 2025.1 Wrong Results: High Risk Specific use of OUTER JOIN when the inner leg has an index on the join fields In InterSystems IRIS versions 2023.3.0, 2024.1.0 – 2024.1.3, 2024.2.0, 2024.3.0, and 2025.1.0, for queries that use an OUTER JOIN and where InterSystems IRIS performs parallel execution, the query may silently return wrong results.
out. 07, 2025
Risk Category & Score Explicit Requirements DP-443396 InterSystems IRIS® data platform InterSystems IRIS® for Health HealthShare® Health Connect versions 2024.1.0 – 2024.1.4, 2024.2.0, 2024.3.0, and 2025.1.0, and 2025.1.1 HealthShare® Unified Care Record versions 2024.2 and 2025.1 Wrong Results: Low Risk Using Common Table Expressions in Dynamic SQL
out. 07, 2025
Risk Category & Score Explicit Requirements HSHC-5268 HealthShare® Health Connect and InterSystems IRIS® for Health versions 2025.1.1 Functional: Medium Risk Occurs when performing SDA3 -> FHIR transformations involving the Encounter resource.
set. 30, 2025
In InterSystems IRIS, InterSystems IRIS for Health, and HealthShare Health Connect, versions 2025.1.1 and 2025.2.0, the new “ Mirror Database Download” functionality does not include certain globals.
set. 24, 2025
Risk Category & Score Explicit Requirements DP-444551 InterSystems IRIS® data platform InterSystems IRIS® for Health HealthShare® Health Connect versions 2025.1.0, 2025.1.1, and 2025.2
set. 03, 2025
Risk Category & Score Explicit Requirements DP-442440 InterSystems IRIS ® data platform 2025.1.1.308.0 InterSystems IRIS for Health HealthShare® Health Connect Operational:
jul. 23, 2025
InterSystems IRIS 2025.2 introduces the IRISSECURITY database, the new home for security data. Unlike IRISSYS, the previous home for security data, IRISSECURITY can be encrypted, which secures your sensitive data at rest. In a future version, IRISSECURITY will be mirrorable.
jul. 23, 2025
InterSystems is pleased to announce the General Availability (GA) of the 2025.2 release of InterSystems IRIS® data platform. This is a Continuous Delivery (CD) release. Please note that the GA versions of InterSystems IRIS for Health™ and HealthShare® Health Connect™ 2025.2 are currently withheld due to mirroring limitations introduced by security updates (details below).
jun. 10, 2025
Advisory ID Product & Versions Affected Risk Category & Score Explicit Requirements DP-439649 Products:
mai. 20, 2025
This issue affects all versions of HealthShare®: