400 Session not found in web dynpro Java apps

Hello,

I am aware that many questions related to same "400 Session not found" have been asked/discussed in many threads on SCN.

To name a few: -

SAP Notes seen:

1464914 - JSESSIONID cookie value is unexpectedly changed by the server

1395551 - Global configuration of session cookies

My Portal version : CE7.3 EHP1 SP9

However, I wanted to ask some more questions and share my observations and seek your opinion: -

1. I have observed that this error (attached screenshot) comes when: -

        a.  I open any Web Dynpro java application, (be it Content Admin, User Admin or any of my custom Web Dynpro Java app) and keep it idle for some              30-40 seconds.

        b. And then I click on any link/actionable UI on these idle application.

2. From these threads, I also understand that this is normal behavior as application has expired due to long idle time and session cookie sent to server is invalid. Fair enough.

3. But our end users are not happy to see such error trace page and its causing lot of incidents/complaints.

Is there any way to: -

     A. Make Portal server to accept request coming from such timed-out/idle application?

     B. Replace this error page with something more descent page?

Thanks & Regards,

Amey Mogare

error.jpg (141.4 kB)
Add comment
10|10000 characters needed characters exceeded

  • Get RSS Feed

1 Answer

  • Best Answer
    Jul 02, 2014 at 02:13 PM

    Hi Amey,

    Hope you are doing good.

    Firstly, please increase the value of SecuritySessionIdGracePeriod as per SAP Note 1464914.

    We have seen cases where we've advised values as high as 10 or even 30 seconds, but the downside of a high value is that in some special cases a second request from the client in that window of time set by the SecuritySessionIdGracePeriod could cause a request to fail which requires a new authentication or has a different session identifier.  This is unlikely in the small window of say 8 seconds.

    Set the value to 8 seconds max as this should not cause any harm to the system and will be useful here.

    It is also recommended to set the domain attribute to NONE as per SAP Note No. 1395551.

    As the jsessionid cookie is used for session management when it is missing from the request headers the correct session could not be retrieved and as result new session will be created for that user.


    If the issue still persists, we will need to check the httpwatch traces and detailed server node/ICM traces.

    Thank you!

    _____________

    Kind Regards,

    Hemanth

    SAP AGS

    Add comment
    10|10000 characters needed characters exceeded

Skip to Content