Skip to Content
avatar image
Former Member

How often JSESSIONID and JSESSIONMARKID get updated

Hi All,

Need some help in understanding the session cookies in the SAP NW AS Java. I am using SAP NetWeaver Application Server 7.20 / AS Java 7.30

I have a web page that makes concurrent requests to the NW server using jQuery-Ajax every 30seconds.

I am seeing the JSESSIONMARKID is getting updated very often(mostly every 30secs-1 min but not consistently)and the JSESSIONID gets updated every 1-2 mins but this is particular pattern.

My doubt is does the JSESSIONID gets updated every 1 or 2 mins? My assumption was that once JSESSIONID is issued it remains same and the server keeps track when was the last user activity and based on inactivity for configured period of time the session gets timed out and if user comes back after session out with a JSESSIONID, he will be redirected to login page.

Kindly help me in understanding the JSESSIONID and JSESSIONMARKID cookie update process.

Thanks in advance for your valuable reply.

Regards,

Praveen

Add comment
10|10000 characters needed characters exceeded

  • Get RSS Feed

2 Answers

  • avatar image
    Former Member
    Sep 18, 2014 at 12:20 PM

    Hi Praveen,

    Here is a very basic explanation.

    The important cookie is the JSESSIONMARKID cookie, it should be changing with every new authenticated session (this is to protect the sessions against XSS attacks), the JSESSIONID cookie in the browser can be reused even though it would be assigned to a different session internally in the java system so that is why you don't see it change as much.

    If you see the JSESSIONMARKID cookie not changing then it is most likely the same session. I hope this helps a little bit.

    Kind regards,

    Cathal

    Add comment
    10|10000 characters needed characters exceeded

  • Sep 19, 2014 at 10:00 AM

    Hi  Praveen

    Take a look here: Implementing Secure Session Management for SAP NetWeaver Java Web Application Solutions

    Should solve your problem.

    Kind regards,

    Florian

    Add comment
    10|10000 characters needed characters exceeded