on 09-05-2014 11:53 PM
Hi All,
Need some help in understanding the session cookies in the SAP NW AS Java. I am using SAP NetWeaver Application Server 7.20 / AS Java 7.30
I have a web page that makes concurrent requests to the NW server using jQuery-Ajax every 30seconds.
I am seeing the JSESSIONMARKID is getting updated very often(mostly every 30secs-1 min but not consistently)and the JSESSIONID gets updated every 1-2 mins but this is particular pattern.
My doubt is does the JSESSIONID gets updated every 1 or 2 mins? My assumption was that once JSESSIONID is issued it remains same and the server keeps track when was the last user activity and based on inactivity for configured period of time the session gets timed out and if user comes back after session out with a JSESSIONID, he will be redirected to login page.
Kindly help me in understanding the JSESSIONID and JSESSIONMARKID cookie update process.
Thanks in advance for your valuable reply.
Regards,
Praveen
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi Praveen,
Here is a very basic explanation.
The important cookie is the JSESSIONMARKID cookie, it should be changing with every new authenticated session (this is to protect the sessions against XSS attacks), the JSESSIONID cookie in the browser can be reused even though it would be assigned to a different session internally in the java system so that is why you don't see it change as much.
If you see the JSESSIONMARKID cookie not changing then it is most likely the same session. I hope this helps a little bit.
Kind regards,
Cathal
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
User | Count |
---|---|
84 | |
23 | |
11 | |
9 | |
8 | |
5 | |
5 | |
5 | |
5 | |
4 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.