cancel
Showing results for 
Search instead for 
Did you mean: 

How often JSESSIONID and JSESSIONMARKID get updated

Former Member
0 Kudos

Hi All,

Need some help in understanding the session cookies in the SAP NW AS Java. I am using SAP NetWeaver Application Server 7.20 / AS Java 7.30

I have a web page that makes concurrent requests to the NW server using jQuery-Ajax every 30seconds.

I am seeing the JSESSIONMARKID is getting updated very often(mostly every 30secs-1 min but not consistently)and the JSESSIONID gets updated every 1-2 mins but this is particular pattern.

My doubt is does the JSESSIONID gets updated every 1 or 2 mins? My assumption was that once JSESSIONID is issued it remains same and the server keeps track when was the last user activity and based on inactivity for configured period of time the session gets timed out and if user comes back after session out with a JSESSIONID, he will be redirected to login page.

Kindly help me in understanding the JSESSIONID and JSESSIONMARKID cookie update process.

Thanks in advance for your valuable reply.

Regards,

Praveen

Accepted Solutions (0)

Answers (2)

Answers (2)

floK
Participant
0 Kudos

Hi  Praveen

Take a look here:

Should solve your problem.

Kind regards,

Florian

cathal_ohare
Employee
Employee
0 Kudos

Hi Praveen,

Here is a very basic explanation.

The important cookie is the JSESSIONMARKID cookie, it should be changing with every new authenticated session (this is to protect the sessions against XSS attacks), the JSESSIONID cookie in the browser can be reused even though it would be assigned to a different session internally in the java system so that is why you don't see it change as much.

If you see the JSESSIONMARKID cookie not changing then it is most likely the same session. I hope this helps a little bit.

Kind regards,

Cathal