11-02-2011 3:45 PM
Hi All,
We aree implementing a JAAS module that uses a.Net cookie for authentication. We hae that workign and are testing timeout scenarios among the various cookeis in play. As we expire thte session on the abap server we make our way back to the jaas module which is correct. It then should use the .Net cookei to reauthenticate and re-issue a new MYSAPSSO2 cookie. This happens but I want to be sure if the role of JSESSONID cookie. Is this used just to maintain state on java back end or might this cookie, which is the only cookie that remains intact in my trace, be actually be logging me in? If so need to set it's timeout down to 20 minutes to match the others.
Any ideas?
Thanks,
Doug
11-02-2011 10:16 PM
No, I don't think that knowing JSESSIONID is enough for authentication. Check [documentation|http://help.sap.com/saphelp_nw04/helpdata/en/5b/ac1a0a8b8d6b4da3b79a7fe0aeabd8/content.htm] for more info. It's not really clear but doco says that if JSESSIONID is not present than it's ignore for session tracking.
Cheers