Application Development Discussions
Join the discussions or start your own on all things application development, including tools and APIs, programming models, and keeping your skills sharp.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Role of JSESSIONID in reauthentication?

Former Member

‎11-02-2011 3:45 PM

0 Kudos

Hi All,

We aree implementing a JAAS module that uses a.Net cookie for authentication. We hae that workign and are testing timeout scenarios among the various cookeis in play. As we expire thte session on the abap server we make our way back to the jaas module which is correct. It then should use the .Net cookei to reauthenticate and re-issue a new MYSAPSSO2 cookie. This happens but I want to be sure if the role of JSESSONID cookie. Is this used just to maintain state on java back end or might this cookie, which is the only cookie that remains intact in my trace, be actually be logging me in? If so need to set it's timeout down to 20 minutes to match the others.

Any ideas?

Thanks,

Doug

1 REPLY 1

martin_voros
Active Contributor

‎11-02-2011 10:16 PM

0 Kudos

No, I don't think that knowing JSESSIONID is enough for authentication. Check [documentation|http://help.sap.com/saphelp_nw04/helpdata/en/5b/ac1a0a8b8d6b4da3b79a7fe0aeabd8/content.htm] for more info. It's not really clear but doco says that if JSESSIONID is not present than it's ignore for session tracking.

Cheers