Former Member

Web UI Issue: Logon cookie check failed, repeat logon


We are facing one peculiar issue in our project.

If we log in to the Web UI and leave the session inactive for more than a specific time, the system logs you out to the Web UI login screen.

At this point, if you enter the credentials, the system gives the error message 'Logon cookie check failed, repeat logon'.

If you enter the credentials again a second time, it goes fine and you are able to log in to the respective Business Role.

Any pointers on why this happens and how to resolve it?

I found SAP Note 1617090, which gives some hints about changing the XSRF protection in T-code SICF, but it's quite old and I'm not sure if it's relevant.

Also, it's not clear for which service I should change the settings in SICF.

Let me know if you have faced a similar issue.




1 Answer

  • Posted on Jul 27, 2016 at 11:13 AM

    Possible reason for the error: Error message ICF_SYSTEM_LOGIN 403
    "Logon cookie check failed; repeat logon"

    1) You have opened two browser windows and called the logon screen of the same system in both windows. You then enter the user and password on the first screen and submit the screen; the system issues the error message. The logon cookie of the second screen overwrites the logon cookie of the first screen in the browser. When you submit the first screen, the system now sends the logon cookie of the second screen and the check of the cookie in the back end fails.
    Do not open two logon windows for the same system at the same time. If you want to connect to the same system twice, call the logon screens one after the other.

    2) You activated the "Content Advisor". (For example, in Internet Explorer (IE): you choose "Tools -> Internet Options" and go to the "Content" tab.) If the Content Advisor is active, due to a (probably runtime-dependent) response from IE, the system calls the logon page twice and the logon cookie is overwritten. When you submit the logon, the error message then occurs. (See also:
    If you cannot deactivate the Content Advisor, your only option is to deactivate the XSRF protection as described in the solution. This problem occurs frequently when logging on to SAP Business ByDesign systems. We are in contact with the browser manufacturers to solve this problem.

    Solution to this problem:

    Set the logon cookie according to your requirements.

    Activate or deactivate the logon cookie
    You can configure whether the logon cookie is to be used and you can activate or deactivate it in the service settings. The default value depends on your release. The configuration switch is provided in transaction SICF. To access it, double-click a service to call the service settings and choose the "Error Pages" tab. On the "Logon Errors" tab page, choose the "Configuration" pushbutton for the system logon. In the system logon settings, set the "Deactivate Login XSRF Protection" indicator accordingly.


    • In CRM we use the System Logon Page from NetWeaver. When logging on to the system the very first time, a ticket needs to be created which can be used for further requests to prevent additional logons. If the ticket is deleted or expires, you are prompted to log on. It can be seen in the httpWatch trace (Cookies tab).

      • login/accept_sso2_ticket = 1
      • login/create_sso2_ticket = 2
      • login/ticket_expiration_time (10:00): defines the validity period of an SSO ticket.
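
The overwritten-cookie failure from reason 1 of the answer above, as a small Python model added here (not part of the original thread and not SAP's implementation). It assumes the back end compares a per-page token in the logon form with the cookie set by the most recently rendered logon page; the cookie name, class names and token format are hypothetical.

```python
import hmac
import secrets

COOKIE = "logon_xsrf"  # hypothetical cookie name, not SAP's actual one
ERROR = "Logon cookie check failed; repeat logon"

class LogonServer:
    def render_logon_page(self):
        # Each render issues a fresh token: once in the form, once as a cookie.
        token = secrets.token_hex(16)
        return {"form_token": token, "set_cookie": {COOKIE: token}}

    def submit_logon(self, form_token, cookies, xsrf_protection=True):
        # Assumed check: the submitted form must match the cookie the browser sends.
        match = hmac.compare_digest(form_token, cookies.get(COOKIE, ""))
        if xsrf_protection and not match:
            return 403, ERROR
        return 200, "logged on"

class Browser:
    def __init__(self, server):
        self.server = server
        self.cookies = {}  # one cookie jar shared by all windows of this browser

    def open_logon_window(self):
        page = self.server.render_logon_page()
        self.cookies.update(page["set_cookie"])  # newest page overwrites the cookie
        return page["form_token"]  # stays inside that window's form

    def submit(self, form_token, xsrf_protection=True):
        return self.server.submit_logon(form_token, self.cookies, xsrf_protection)

def two_window_scenario():
    browser = Browser(LogonServer())
    first = browser.open_logon_window()
    second = browser.open_logon_window()  # also models one page being called twice
    results = {
        "first_window": browser.submit(first),    # stale form, newer cookie
        "second_window": browser.submit(second),  # form and cookie match
        # With the check switched off, the mismatch is no longer detected at all.
        "first_window_unprotected": browser.submit(first, xsrf_protection=False),
    }
    # Loading the logon page again yields a matching pair, so a retry succeeds.
    results["fresh_page"] = browser.submit(browser.open_logon_window())
    return results

if __name__ == "__main__":
    for name, outcome in two_window_scenario().items():
        print(f"{name}: {outcome}")
```
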
