cancel
Showing results for 
Search instead for 
Did you mean: 

400 Session not found in web dynpro Java apps

Amey-Mogare
Contributor
0 Kudos

Hello,

I am aware that many questions related to same "400 Session not found" have been asked/discussed in many threads on SCN.

To name a few: -

SAP Notes seen:

1464914 - JSESSIONID cookie value is unexpectedly changed by the server

1395551 - Global configuration of session cookies

My Portal version : CE7.3 EHP1 SP9

However, I wanted to ask some more questions and share my observations and seek your opinion: -

1. I have observed that this error (attached screenshot) comes when: -

        a.  I open any Web Dynpro java application, (be it Content Admin, User Admin or any of my custom Web Dynpro Java app) and keep it idle for some              30-40 seconds.

        b. And then I click on any link/actionable UI on these idle application.

2. From these threads, I also understand that this is normal behavior as application has expired due to long idle time and session cookie sent to server is invalid. Fair enough.

3. But our end users are not happy to see such error trace page and its causing lot of incidents/complaints.

Is there any way to: -

     A. Make Portal server to accept request coming from such timed-out/idle application?

     B. Replace this error page with something more descent page?

Thanks & Regards,

Amey Mogare

Accepted Solutions (1)

Accepted Solutions (1)

hemanth2
Product and Topic Expert
Product and Topic Expert
0 Kudos

Hi Amey,

Hope you are doing good.

Firstly, please increase the value of SecuritySessionIdGracePeriod as per SAP Note 1464914.

We have seen cases where we've advised values as high as 10 or even 30 seconds, but the downside of a high value is that in some special cases a second request from the client in that window of time set by the SecuritySessionIdGracePeriod could cause a request to fail which requires a new authentication or has a different session identifier.  This is unlikely in the small window of say 8 seconds.

Set the value to 8 seconds max as this should not cause any harm to the system and will be useful here.

It is also recommended to set the domain attribute to NONE as per SAP Note No. 1395551.

As the jsessionid cookie is used for session management when it is missing from the request headers the correct session could not be retrieved and as result new session will be created for that user.


If the issue still persists, we will need to check the httpwatch traces and detailed server node/ICM traces.

Thank you!

_____________

Kind Regards,

Hemanth

SAP AGS

Amey-Mogare
Contributor
0 Kudos

Hello Hemanth,

Thank you for elaborate & helpful reply.

As step-1, I am trying to set 'SecuritySessionIdGracePeriod' property as per SAP Note 1464914.

It just says "you can increase the value of the servlet_jsp service property SecuritySessionIdGracePeriod".


Could you please let me know 'how' & 'where' it needs to be changed?

And step-2, SAP Note 1395551, this can be done only via Config-tool, right?

Thanks & Regards,

Amey Mogare

hemanth2
Product and Topic Expert
Product and Topic Expert
0 Kudos

Hi Amey,

Hope you are doing good.

Both properties can be changed via the config tool. Login to instance -> services-> servlet_jsp and check  if SecuritySessionIdGracePeriod property is there. If yes, make the change there.
If not, login to offline config tool-> cluster_config->instance->cfg->servces->servlet_jsp and in the property cheet the SecuritySessionIdGracePeriod property would be there.

The SAP Note 1395551 mentions how to make the domain change in configtool.

Thank you!

_____________

Kind Regards,

Hemanth

Amey-Mogare
Contributor
0 Kudos

Thanks Hemanth. It solved our problem.

Amey-Mogare
Contributor
0 Kudos

Hello Hemanth,

In addition to the requirement which is mentioned in my original post, we want to establish a global level timeout of 4 hrs for Portal.

For example, lets say I logon to Portal and do not perform any action/clicks for 4 hours.

And then, after 4 hours, when I click on any tab/link on Portal, it should show "session expired" or "session timed out" or something similar message.

Could you please advise how this can be achieved?

Thanks & Regards,

Amey Mogare

hemanth2
Product and Topic Expert
Product and Topic Expert
0 Kudos

Hi Amey,

Hope you are doing good.
There are several parameters at play here which can be configured to attain this.
But as this is a different issue and so that others can also collaborate, please raise a new thread.

Kind regards,
Hemanth

Amey-Mogare
Contributor
0 Kudos

Yes Hemanth, agreed.


Raised below thread.


Answers (0)