Skip to Content

400 Session not found in web dynpro Java apps


I am aware that many questions related to same "400 Session not found" have been asked/discussed in many threads on SCN.

To name a few: -

SAP Notes seen:

1464914 - JSESSIONID cookie value is unexpectedly changed by the server

1395551 - Global configuration of session cookies

My Portal version : CE7.3 EHP1 SP9

However, I wanted to ask some more questions and share my observations and seek your opinion: -

1. I have observed that this error (attached screenshot) comes when: -

a. I open any Web Dynpro java application, (be it Content Admin, User Admin or any of my custom Web Dynpro Java app) and keep it idle for some 30-40 seconds.

b. And then I click on any link/actionable UI on these idle application.

2. From these threads, I also understand that this is normal behavior as application has expired due to long idle time and session cookie sent to server is invalid. Fair enough.

3. But our end users are not happy to see such error trace page and its causing lot of incidents/complaints.

Is there any way to: -

A. Make Portal server to accept request coming from such timed-out/idle application?

B. Replace this error page with something more descent page?

Thanks & Regards,

Amey Mogare

error.jpg (141.4 kB)
Add a comment
10|10000 characters needed characters exceeded

Related questions

1 Answer

  • Best Answer
    Posted on Jul 02, 2014 at 02:13 PM

    Hi Amey,

    Hope you are doing good.

    Firstly, please increase the value of SecuritySessionIdGracePeriod as per SAP Note 1464914.

    We have seen cases where we've advised values as high as 10 or even 30 seconds, but the downside of a high value is that in some special cases a second request from the client in that window of time set by the SecuritySessionIdGracePeriod could cause a request to fail which requires a new authentication or has a different session identifier. This is unlikely in the small window of say 8 seconds.

    Set the value to 8 seconds max as this should not cause any harm to the system and will be useful here.

    It is also recommended to set the domain attribute to NONE as per SAP Note No. 1395551.

    As the jsessionid cookie is used for session management when it is missing from the request headers the correct session could not be retrieved and as result new session will be created for that user.

    If the issue still persists, we will need to check the httpwatch traces and detailed server node/ICM traces.

    Thank you!


    Kind Regards,



    Add a comment
    10|10000 characters needed characters exceeded

Before answering

You should only submit an answer when you are proposing a solution to the poster's problem. If you want the poster to clarify the question or provide more information, please leave a comment instead, requesting additional details. When answering, please include specifics, such as step-by-step instructions, context for the solution, and links to useful resources. Also, please make sure that you answer complies with our Rules of Engagement.
You must be Logged in to submit an answer.

Up to 10 attachments (including images) can be used with a maximum of 1.0 MB each and 10.5 MB total.