cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Web UI Issue : Logon cookie check failed , repeat logon

Former Member

on ‎07-03-2016 1:50 PM

0 Kudos

Hi,

We are facing 1 peculiar issue in our project.

If we login to Web UI & keep the session for inactive mode for more than specific time , the systems logs you out to the Web UI Log In Screen.

At this time if you enter the credentials the System Gives an Error message 'Logon cookie check failed , repeat logon'

If you enter the credentials again for Second time , it goes fine & you are able to log in to respective Business Role.

Any pointers why this happens & how to resolve this ?

I find 1 sap note 1617090 which gives some hints to change the XSRF Protecting in T-code SICF, but its quite old & not sure if its relevant.

Also its not clear which service I should change the settings in SICF.

Let me know if you have faced similar issue.

regards,

Sagar

Show replies
Show replies
Answer

Accepted Solutions (0)

Answers (1)

Answers (1)

Varun_Agarwal
Advisor
Advisor
‎07-27-2016 12:13 PM
0 Kudos

Possible reason for the error: Error message ICF_SYSTEM_LOGIN 403
"Logon cookie check failed; repeat logon"
---------------------------------------------------------------------

1) You have opened two browser windows and called the logon screen of the same system in both windows. You then enter the user and password on the first screen and submit the screen; the system issues the error message. The logon cookie of the second screen overwrites the logon cookie of the first screen in the browser. When you submit the first screen, the system now sends the logon cookie of the second screen and the check of the cookie in the back end fails.
Do not open two logon windows for the same system at the same time. If you want to connect to the same system twice, call the logon screens one after the other.

2) You activated the "Content Advisor". (For example, in Internet Explorer (IE): you choose "Tools -> Internet Options" and go to the "Content" tab.) If the Content Advisor is active, due to a (probably runtime-dependent) response from IE, the system calls the logon page twice and the logon cookie is overwritten. When you submit the logon, the error message then occurs. (See also: http://support.microsoft.com/kb/924456.)
If you cannot deactivate the Content Advisor, your only option is to deactivate the XSRF protection as described in the solution. This problem occurs frequently when logging on to SAP Business ByDesign systems. We are in contact with the browser manufacturers to solve this problem.

Solution to this problem:

Set the logon cookie according to your requirements.

Activate or deactivate the logon cookie
-------------------------------------
You can configure whether the logon cookie is to be used and you can activate or deactivate it in the service settings. The default value depends on your release. The configuration switch is provided in transaction SICF. To access it, double-click a service to call the service settings and choose the "Error Pages" tab. On the "Logon Errors" tab page, choose the "Configuration" pushbutton for the system logon. In the system logon settings, set the "Deactivate Login XSRF Protection" indicator accordingly.

Show replies
Show replies
Varun_Agarwal
Advisor
Advisor
‎07-27-2016 12:17 PM
0 Kudos

In CRM we use System Logon Page from NetWeaver. When logging on to the system the very first time, a ticket needs to be created which can be used for further requests to prevent additional logon. If the ticket is deleted or expires, you are prompted to logon. It can be seen in httpWatch Trace (Tab Cookies)

  • login/accept_sso2_ticket = 1
  • login/create_sso2_ticket = 2
  • login/ticket_expiration_time (10:00): defines the validity period of an SSO ticket.
Ask a Question