Skip to Content

How long CSRF token valid time is?

Hi experts,

When test a update or a create operation of OData service, CSRF token needed, right.

So i wanna know how long one token valid for, 3 mins or 5 mins? or some setting at some where?


Add a comment
10|10000 characters needed characters exceeded

Assigned Tags

Related questions

1 Answer

  • Best Answer
    Posted on Aug 27, 2015 at 08:11 AM


    Check out this link.

    Cross-Site Request Forgery Protection - SAP Gateway Foundation (SAP_GWFND) - SAP Library

    It remains valid for 24 hours.

    Here you may find it out.

    1. Release < 7.03/7.31 or the security session management is inactive: An own CSRF cookie gets generated (sap-XSRF_<SystemID>_<SAPClient>) and this CSRF token remains valid for 24 hours (86400 seconds).
    2. Release >= 7.03/7.31, the validity is bound to the security session, which depends on the system parameter http/security_session_timeout value (see transaction RZ11 for details on this parameter). By default, the security session management is active in these releases.

    CSRF Protection - Connectivity - SAP Library

    Add a comment
    10|10000 characters needed characters exceeded

Before answering

You should only submit an answer when you are proposing a solution to the poster's problem. If you want the poster to clarify the question or provide more information, please leave a comment instead, requesting additional details. When answering, please include specifics, such as step-by-step instructions, context for the solution, and links to useful resources. Also, please make sure that you answer complies with our Rules of Engagement.
You must be Logged in to submit an answer.

Up to 10 attachments (including images) can be used with a maximum of 1.0 MB each and 10.5 MB total.