cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

SLD does not work if the paramter SystemCookiesDataProtection in SLM is true.

fanglin_ye
Participant

on ‎05-07-2013 2:55 PM

0 Kudos

Hi all,

we have a SAP Solution Manager System (SLM). Our SLD-System (web application) runs on the server. If the security paramter "SystemCookiesDataProtection" in SLM has a value of "true", the SLD-System does not work. That means i can log in into the web application. But the links on the web page could not work. If i click one link, the following error was displayed: 500 internal server error. How can i fix the problem. thx.

regards,

Fanglin

Show replies
Show replies
Answer

Accepted Solutions (0)

Answers (4)

Answers (4)

fanglin_ye
Participant
‎06-06-2013 1:22 PM
0 Kudos

Hello,

i've found some information from http://help.sap.com/saphelp_nw04/helpdata/DE/5b/ac1a0a8b8d6b4da3b79a7fe0aeabd8/content.htm.

The following sentence is important:

For backward compatibility, by default the HttpOnly attribute is not enabled for use in system cookies. We recommend that you manually enable it after verifying that your applications do not rely on reading system cookies on the client side.

But how can i verify, that the SLD web application depends on reading system cookies? thx.

regards,

Fanglin

Show replies
Show replies
Former Member
‎05-14-2013 2:23 PM
0 Kudos

In addition to Former Member reply. About HttpOnly: Note 943336 - HttpOnly cookie attribute. Can you provide screenshot with error?

Show replies
Show replies
Vivek_Hegde
Active Contributor
‎05-07-2013 5:09 PM
0 Kudos

Hi,

May I know how did you conclude parameter SystemCookiesDataProtection is the reason for 500 Internal server error? Are you using HTTP or HTTPS? If you set SystemCookiesDataProtection is True then "httpOnly" indicator is set for system cookies.

You may go through following note:

Note 1503236 - Application
configuration due to J2EE security settings

Rgds,

Vivek

Show replies
Show replies
fanglin_ye
Participant
‎05-14-2013 4:12 PM
0 Kudos

Hello Vivek,

in our company we have a new security policy. There are three Properties, which have to be set true:

SessionIdRegeneration

SystemCookiesHTTPSProtection

SystemCookiesDataProtection

For the SLD Web-Application i use http connection. Maybe should i use https connection after security changing?

regards,

Fanglin

Former Member
‎05-07-2013 5:09 PM
0 Kudos

Hello Fanglin

The default value of "SystemCookiesDataProtection" is false. When this property is set to true, the use of HttpOnly attribute for system cookies is enabled. If the  HttpOnly attribute is set, certain browsers return empty value on JavaScript requests to access the system cookies. For backward compatibility, by default the HttpOnly attribute is not enabled for use in system cookies.

Thanks and regards

bala

Show replies
Show replies
fanglin_ye
Participant
‎05-14-2013 12:06 PM
0 Kudos

hello bala,

do you habe a list, which browsers do not return empty value on JavaScript requests to access the system cookies. We are using Internet Explorer version 8.0.6001.18702.

We have to set the value of "SystemCookiesDataProtection" true. Do you have a workaround for my problem? thx.

regards,

Fanglin

Ask a Question