How long is a CSRF token valid?

ArcherZhang
Advisor
0 Kudos

Hi experts,

When testing an update or a create operation of an OData service, a CSRF token is needed, right?

So I want to know how long one token is valid for: 3 mins or 5 mins? Or is there some setting somewhere?

Regards,
Archer

Accepted Solutions (1)

Private_Member_15166
Active Contributor
0 Kudos

Hi,

Check out this link.

Cross-Site Request Forgery Protection - SAP Gateway Foundation (SAP_GWFND) - SAP Library

It remains valid for 24 hours.

Here you may find it out.

  1. Release < 7.03/7.31 or the security session management is inactive: An own CSRF cookie gets generated (sap-XSRF_<SystemID>_<SAPClient>) and this CSRF token remains valid for 24 hours (86400 seconds).
  2. Release >= 7.03/7.31, the validity is bound to the security session, which depends on the system parameter http/security_session_timeout value (see transaction RZ11 for details on this parameter). By default, the security session management is active in these releases.


CSRF Protection - Connectivity - SAP Library
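
An added example, not part of the original thread and not SAP code: rather than assuming a fixed lifetime, a client can cache the token and fetch a new one only when a write is rejected. `StubGateway` is a constructed in-memory stand-in with a fixed token lifetime (a simplification), the `X-CSRF-Token: Fetch` / `Required` header exchange is the one SAP Gateway uses, and all class and function names are hypothetical.

```python
import hmac
import secrets

class StubGateway:
    """Constructed in-memory stand-in for an OData endpoint (not SAP code)."""
    def __init__(self, validity_s):
        self.validity_s = validity_s      # assumption: fixed lifetime from issue
        self.now = 0                      # simulated clock in seconds
        self.token, self.issued_at = None, 0

    def request(self, method, headers):
        sent = headers.get("X-CSRF-Token", "")
        if method == "GET":               # reads need no token; "Fetch" issues one
            if sent != "Fetch":
                return 200, {}
            self.token, self.issued_at = secrets.token_hex(16), self.now
            return 200, {"X-CSRF-Token": self.token}
        fresh = self.token is not None and self.now - self.issued_at < self.validity_s
        if not (fresh and hmac.compare_digest(sent, self.token)):
            return 403, {"X-CSRF-Token": "Required"}
        return (201 if method == "POST" else 204), {}

class ODataClient:
    """Caches the token and refreshes it only when the server rejects it."""
    def __init__(self, gateway):
        self.gw, self.token, self.fetches = gateway, None, 0

    def _fetch_token(self):
        _, hdrs = self.gw.request("GET", {"X-CSRF-Token": "Fetch"})
        self.token = hdrs["X-CSRF-Token"]
        self.fetches += 1

    def modify(self, method):
        if self.token is None:
            self._fetch_token()
        status, hdrs = self.gw.request(method, {"X-CSRF-Token": self.token})
        if status == 403 and hdrs.get("X-CSRF-Token") == "Required":
            self._fetch_token()           # token expired: fetch once, retry once
            status, _ = self.gw.request(method, {"X-CSRF-Token": self.token})
        return status

def demo():
    gw = StubGateway(validity_s=86400)    # the 24-hour case from the answer
    client = ODataClient(gw)
    statuses = [client.modify("POST")]    # first write: fetch, then POST
    gw.now += 3600
    statuses.append(client.modify("PUT")) # one hour later: cached token accepted
    gw.now += 86400                       # original token is now past 24 hours
    statuses.append(client.modify("POST"))
    return statuses, client.fetches
```

The single retry keeps the client correct in both cases from the answer, since it never needs to know whether the lifetime is 24 hours or follows `http/security_session_timeout`.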

ArcherZhang
Advisor
0 Kudos

I did not get an answer from Google, so I asked this simple question here. Thank you, Dhananjay.

regards,

Archer

Private_Member_15166
Active Contributor
0 Kudos

Welcome.
