on 05-07-2013 2:55 PM
Hi all,
we have a SAP Solution Manager System (SLM). Our SLD-System (web application) runs on the server. If the security paramter "SystemCookiesDataProtection" in SLM has a value of "true", the SLD-System does not work. That means i can log in into the web application. But the links on the web page could not work. If i click one link, the following error was displayed: 500 internal server error. How can i fix the problem. thx.
regards,
Fanglin
Hello,
i've found some information from http://help.sap.com/saphelp_nw04/helpdata/DE/5b/ac1a0a8b8d6b4da3b79a7fe0aeabd8/content.htm.
The following sentence is important:
For backward compatibility, by default the HttpOnly attribute is not enabled for use in system cookies. We recommend that you manually enable it after verifying that your applications do not rely on reading system cookies on the client side.
But how can i verify, that the SLD web application depends on reading system cookies? thx.
regards,
Fanglin
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
In addition to Former Member reply. About HttpOnly: Note 943336 - HttpOnly cookie attribute. Can you provide screenshot with error?
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi,
May I know how did you conclude parameter SystemCookiesDataProtection is the reason for 500 Internal server error? Are you using HTTP or HTTPS? If you set SystemCookiesDataProtection is True then "httpOnly" indicator is set for system cookies.
You may go through following note:
Note 1503236 - Application
configuration due to J2EE security settings
Rgds,
Vivek
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hello Vivek,
in our company we have a new security policy. There are three Properties, which have to be set true:
SessionIdRegeneration
SystemCookiesHTTPSProtection
SystemCookiesDataProtection
For the SLD Web-Application i use http connection. Maybe should i use https connection after security changing?
regards,
Fanglin
Hello Fanglin
The default value of "SystemCookiesDataProtection" is false. When this property is set to true, the use of HttpOnly attribute for system cookies is enabled. If the HttpOnly attribute is set, certain browsers return empty value on JavaScript requests to access the system cookies. For backward compatibility, by default the HttpOnly attribute is not enabled for use in system cookies.
Thanks and regards
bala
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
hello bala,
do you habe a list, which browsers do not return empty value on JavaScript requests to access the system cookies. We are using Internet Explorer version 8.0.6001.18702.
We have to set the value of "SystemCookiesDataProtection" true. Do you have a workaround for my problem? thx.
regards,
Fanglin
User | Count |
---|---|
84 | |
10 | |
10 | |
9 | |
7 | |
6 | |
5 | |
5 | |
4 | |
4 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.