cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

CSRF Data with token but missing cookie

Go to solution
Former Member

on ‎04-04-2013 3:10 PM

0 Kudos

Hello everybody,

I'm working on a way to create and update entities with OData and Netweaver Gateway using the generated sources of the XCode Developer Tool.

When requesting the CRSF token and cookie, I only retrieve the token, the cookie is not present.

Can someone help?

Cheers,

Johannes

Show replies
Show replies
Answer

Accepted Solutions (1)

Accepted Solutions (1)

arunchembra1
Participant
‎04-10-2013 6:17 AM
0 Kudos

Hi Johannes,

First you just check the service is working fine or not for that you can follow the below mentioned steps.

Steps:

1. Goto this link - chrome://restclient/content/restclient.html in mozila firefox.

2. Add header as shown in the attached image.

3. Call your service, check you are able to see Cookie in Response Headers.

Thanks,

Arun

Show replies
Show replies
Former Member
‎04-10-2013 9:57 AM
0 Kudos

Hi Arun,

thanks for your Reply.

When I request it with the RESTClient, I receive the "x-csrf-token" in the header fields as well as two cookies. One called "MYSAPSSO2" and one "SAP_SESSIONID_XYZ_123". But the cookie for CRSF is missing.

Cheers,

Johannes

Former Member
‎04-23-2013 4:19 PM
0 Kudos

Same Problems here, solved it by creating my own cookie

open

SDMConnectivityHelper.m

search for

-(CSRFData *)getCSRFDataForServiceQuery:(ODataQuery *)aServiceQuery

replace

// if the CSRF cookie or CSRF Token is nil, the whole CSRF data is considered as invalid

    if (csrfData.token == nil || (csrfData.cookie == nil && csrfData.cookies == nil)) {

        NSDictionary *cookieDictionary = [NSMutableDictionary

                                       dictionaryWithObjectsAndKeys:@".mycompanydomain.com", NSHTTPCookieDomain,

                                       @"sap-XSRF_DV2_210", NSHTTPCookieName,

                                       @"/", NSHTTPCookiePath,

                                       @"X-CSRF-Token", NSHTTPCookieValue,

                                       @"2099-01-01 00:00:01 -0700", NSHTTPCookieExpires, nil];

        NSHTTPCookie *cookie = [NSHTTPCookie cookieWithProperties:cookieDictionary];

        csrfData.cookie = cookie;

        return csrfData;

    }

Regards,

Christian

Former Member
‎04-25-2013 6:31 PM
0 Kudos

Hi Christian,

thank you very much for your reply. Now it is working.

Though it is only a workaround. Can somebody provide me with a solution that solves the issue in the Gateway itself?

Cheers,

Johannes

constantin_freiherrteuffe
Discoverer
‎10-28-2013 9:55 AM
0 Kudos

Hi Christian,

i have the same problem. I'm created an odata service to create new data. The first time i create the Token and it's work. But at the second time, i want to create the token and get the token string but no cookie.

I can not create my own cookie, because i need the gateway name. If i create my own cookie, it will be work on my system but not at the customer system.

Do you have any idea how I can solve this problem.

Regards,

Constantin

Answers (3)

Answers (3)

former_member93735
Explorer
‎05-13-2019 5:32 AM
0 Kudos

https://launchpad.support.sap.com/#/notes/2584064

Show replies
Show replies
DAlpers
Explorer
‎02-10-2014 8:08 PM
0 Kudos

Hi Johannes,

I have the same problem, I'm using the xcode Proxy generation tool and this was no Problem wilt NetWeaver < 7.4 - last week we made an update to NetWeaver 7.4 and the actual GW Version and we have the same Problem. We get the token but now cookie! Which NetWever and GW Version ar you using? Version

Do you have an answer for this problem. I'm going to try the workaround, but this is not a solution for the  future!

Best Regards

Dominik

Show replies
Show replies
DAlpers
Explorer
‎02-11-2014 3:01 PM
0 Kudos

Hi Jahannes,

we solved the problem. After the upgrade "stateful connections with session" was activated. For our iOS implementation (generated by the iOS proxy Generation Tool), we have to disable the security context in the SICF_SESSIONS Transaction.

Thanks to VLAD:

Regards

Dominik

Benedikt3
Participant
‎10-28-2013 1:35 PM
0 Kudos

hi johannes,

if you wan`t not to create an own cookie, you can add the csrf-token to the header by hand.

But you have to do this with all write request-objects.....

Regards,
Benedikt

Show replies
Show replies
Ask a Question