This document contains official content from the BMC Software Knowledge Base. It is automatically updated when the knowledge article is modified.
TrueSight Presentation Server
TrueSight Presentation Server 11.0 RSSO 9
TSPS integrated with TrueSight Capacity does not enforce the "Max Session Count per User" setting defined in TSCO Console. Meaning this component is vulnerable to DOS attacks and/or can't control external users API programs that may cause outages to the overall environment.
We explained that RSSO would see multiple tabs as a single session (one authentication token) -- so a session limit wouldn't help there. We explained that TSPS doesn't currently have any APIs that a capacity user would be accessing. The RESTful APIs exist on the TSCO side and an RSSO Session Limit wouldn't throttle API activity and the existing TSCO UI session limit doesn't throttle API activity.
The workaround for the time being is to use a script to control the number of sessions. The script is attached - SessionLimit.sql.
The script should be placed into a regular job on OS or DB level.
The frequency should be decided by the time period required to make sure there is no session limit violation.
Please note, that Agent has 3 minute session validation time frame by default. So It makes sense to set the DB script periodic time Agent session validation timeout.
In case the Agent has 3 minute session validation timeout it will be enough to set DB script to run in 2-2.5 min regularly
We have opened request for enhancement - QM002359162 to address the want for the session limits to be enforced in TSPS through RSSO. We hope to add this functionality to a future release.