Description:

Is there any recommendation on which timeout should be greater in order to capture audit or control data. If the user time's out before the session, does the session ending message show the userid or is the userid missing? Does the session need to end first to retain the userid for the session ending message?

Solution:

The USERID would be maintained after a user timeout, IF the user timeout occurred with ACTIVE sessions.
As long as there are active sessions for a user, that user's control blocks are maintained in a "disconnected" state even after a TIMEOUT sequence is implemented.