Skip to Content

Xsjs + ui5 post user specific data without passing user id

Jan 02 at 04:04 AM


avatar image

Imagine the following scenario:

- I have an ui5 app on which every time the user hits a button, user id, date and time is logged on hanna database (cloud) by calling xsjs service (cloud).

- The credentials to access the xsjs service are maintained in the destination on scp (I understand that such credentials are not user specific, but global, which means it’s the same user/password regardless of the logged in user on ui5 app).

If that’s the case then every time the user presses the button, I have to call the xsjs service and pass user id, date and time. The problem is, since the call is made from the browser, a malicious user could set a break point on the ajax call and change the user id to someone else’s, causing incorrect data to be sent to the backend.

How is this scenario handled on SAP Hana? Is there some kind of session Id that can be passed on a header from the ui5 app to the xsjs service and then get this xsjs service to retrieve user information (user is for example) by querying sap with session id?

Hope my question is clear enough.


10 |10000 characters needed characters left characters exceeded
* Please Login or Register to Answer, Follow or Comment.

1 Answer

Best Answer
Dennis Seah
Jan 02 at 06:05 AM


You do not pass the userid from the browser to the xsjs for the reason that you have stated.

in xsjs, you can use $.session.getUsername() to the user id,


10 |10000 characters needed characters left characters exceeded