I have a component where we logout a named (anonymous) user, followed by an immediate Login by passing the userName in the header of the request sent to Portal.
We have configured header based authentication. The Logout is done using the following code
IAuthentication auth = UMFactory.getAuthenticator(); auth.logout(httpRequest,httpResponse);
Now what we are noticing is that this seems to work most of the times, except that at few times(5-7%) we get the following error.
com.sap.engine.services.servlets_jsp.server.exceptions.WebSecurityException: Cannot associate security session when the http session has already another security session associated. Logout first. Http session id is [(J2EE31487700)ID0911824150DB10419142157184831361End]. Security session in the http session is [session (230799) for namedAnonymous created at Wed Dec 06 13:38:36 EST 2006]. Security session in thread is [session (231975) for userName created at Wed Dec 06 13:52:32 EST 2006].</i>
I would highly appreciate if somebody can help me what might be going wrong. This is only happening in the producton cluster environment and not really on a single server environment.