on 04-23-2015 12:25 PM
Hi!
When a user logoff the portal - the session doesnt seem to terminate,
eg:
User A: Logon to the portal, run som applications from the backend (WDA), Logoff.
User B: Logon - using the same browser window as User A - now user B get the backend session of user A.
in the the backecn SICF_SESSIONS show that session management is activated,
In the portal - i have checked Session Management.
We have established trust between the portal and the backend.
Can i do something to assure that the user gets locked off?
i have implemented note:1717945
Br
Ronni
Hi Ronni,
Request you to check below OSS notes they might help you in this case.
1660720 - Session remains open after the logoff on enterprise portal
1717945 - Portal Logoff Does Not Logoff the Backend When Using HTTP Security Session Management
And for below OSS note there are few parameter checks in backend and backend services so you might need to get the help from your basis team to check on the Session managment in BAckend ABAP system and parameters.
1322944 - ABAP: HTTP security session management
1777513 - WebGUI logoff does not work
Let us know if this helps you.
Regards,
Ram
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi All!
Thanks alot for your inputs.
I looks like the problem has something to do with the users browser not allowing popup - and maybe som cookie issues.
Because it looks like it works on some machine but not all.
I wasnt able to install the HTTP trace tool due to rights. and the developer tools in IE did not show any call to the termination service.
But for now we will keep closing the browser window before logging in again.
Best regards
Ronni
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi Ronni,
Good day. You can check below notes about the session release agent and pop-up block issue this might help you more.
Regards,
Ram
Hi All!
Thanks alot for all you replies,
i will try them out / read the notes,
and see if i can fix it.
I will update this thread afterwards
br
Ronni
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Make sure the ICF logoff service is active in the backend. Use developer tools to trace network activity for other possible problems. Also make sure popups are not blocked for the portal nor the backend URLs.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi Samuli -
the service is active,
and i tried the following:
So even if user A sessions are killed - they wil be recreated once a WDA application is run again. So somehow the client side / browser can reanbled the session - even though the previus user has been logged out..
Pretty strange..
br Ronni
That's expected with HTTP Security Session Management switched on. As long as the browser has a valid security context in the cache, a new session can be opened without re-authentication. I suggest you use developer tools to find out why the call to the ICF logoff service fails. Please share the exact versions of involved systems (portal, backend) including EHPs, SPs and patches.
User | Count |
---|---|
80 | |
9 | |
9 | |
7 | |
7 | |
6 | |
6 | |
5 | |
5 | |
4 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.