Skip to Content
0

Logged in with wrong User in SAP Portal

Feb 08 at 09:03 AM

32

avatar image

Hello,

we had several issues, that users enter their own credentials during portal login but are logged in as another user, with all roles in portal and also in the attached backend systems. This issue appears (fortunatly) very rarely and we are not able to reproduce it.

The affected users do not use the same client PC nore do they use a shared client environment. Though it seems, the user gets the session cookie of another user.

Last time I saw both users-ids in the security-log of the portal (login stack) with exactly the same timestamp (microseconds), which looks really strange and unlikely.

The portal is behind a loadbalancer and two webdispatchers.

There are also proxy servers in front of the loadbalancer.

Any ideas, what could cause this issue?

Thanks in advance and best regards,

Thomas

10 |10000 characters needed characters left characters exceeded
* Please Login or Register to Answer, Follow or Comment.

3 Answers

Santarshi Samanta
Feb 27 at 06:59 AM
0

Hi Thomas

Its quite strange that the user's are using different client PC and still they are able to see each others information. This issue is mostly seen in same PC when log off do not happen properly

Still can you please have a look at the below KBA :

1717945 - Backend is not logged off upon log off in Portal


Regards

Santarshi Samanta

Share
10 |10000 characters needed characters left characters exceeded
Thomas Clemens Mar 27 at 10:46 AM
0

Hi Santarshi,

unfortunatly this seems not to be the Problem. The SAP call we opened for this issue has reached the development department. They never saw this issue before (in this constellation). We changed the severity of a bunch of trace-locations and hope there is enough data in the files to find the root cause of the issue when it happens again. We also patched the portal to the newest available SPS/PL.

This is a really nasty situation.

Regards

Thomas

Share
10 |10000 characters needed characters left characters exceeded
Fabio Sarmento
Mar 27 at 12:22 PM
0

Hi Thomas,
Do you know whether the PC where the affected users are facing the issue has the pop-up blocker activated?
Did you take an httpwatch and check whether all domains and level of subdomains are the same?

Check the following guided answer also:

https://ga.support.sap.com/dtp/viewer/#/tree/1103/actions/12345

Regards.
Fabio Sarmento

Share
10 |10000 characters needed characters left characters exceeded