We are in the process of implementing CRM 5.2 Web Client and are also implementing the B2B ICSS (Internet Customer Self Service) application for our customers and partners. My question is regarding the encoding of session IDs on AS Java. The CRM Web App uses Url64-encoded session IDs so all internal server information for the stateful application is not visible in the URL. The B2B ICSS application is on AS Java, and does not appear to use the same URL encoding scheme for the session ID.
Also, I should note we are using a Web Dispatcher for Reverse Proxy, Load Balancing, and URL Access Control.
ICSS URL (AS Java):
http://[alias hostname]/icss_b2b/resetSession2.do;jsessionid=([internal hostname]_CRD_00)ID0302800850DB00171010904548017364End;saplb_*=([internal hostname]_CRD_00)3491750?Standalone=yes&showmodulename=false
CRM URL (AS ABAP):
http://[alias hostname]/sap(bD1lbiZjPTIwMCZkPW1pbg==)/crm_logon/default.htm
I have referenced the below documentation on ABAP vs Java Session IDs. Does anyone know how/if the AS Java session information can be encoded in the URL so as to mask all internal information?
Session Identifiers:
http://help.sap.com/saphelp_nw70/helpdata/EN/93/33b504f33cb9468bf35f8fbda11294/frameset.htm
thanks,
John
Edited by: Stelling John on Nov 10, 2008 8:11 AM
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.