Skip to Content
avatar image
Thomas Clemens

Logged in with wrong User in SAP Portal

Feb 08, 2018 at 09:03 AM | 43 Views

Hello,

we had several issues, that users enter their own credentials during portal login but are logged in as another user, with all roles in portal and also in the attached backend systems. This issue appears (fortunatly) very rarely and we are not able to reproduce it.

The affected users do not use the same client PC nore do they use a shared client environment. Though it seems, the user gets the session cookie of another user.

Last time I saw both users-ids in the security-log of the portal (login stack) with exactly the same timestamp (microseconds), which looks really strange and unlikely.

The portal is behind a loadbalancer and two webdispatchers.

There are also proxy servers in front of the loadbalancer.

Any ideas, what could cause this issue?

Thanks in advance and best regards,

Thomas

SAP Enterprise Portal
cookie | internet explorer | mysapsso2 | jsessionid | session-cookie
Add comment
10|10000 characters needed characters exceeded

  • Get RSS Feed

3 Answers

  • avatar image
    Santarshi Samanta
    Feb 27, 2018 at 06:59 AM

    Hi Thomas

    Its quite strange that the user's are using different client PC and still they are able to see each others information. This issue is mostly seen in same PC when log off do not happen properly

    Still can you please have a look at the below KBA :

    1717945 - Backend is not logged off upon log off in Portal


    Regards

    Santarshi Samanta

    Add comment
    10|10000 characters needed characters exceeded

  • avatar image
    Thomas Clemens
    Mar 27, 2018 at 10:46 AM

    Hi Santarshi,

    unfortunatly this seems not to be the Problem. The SAP call we opened for this issue has reached the development department. They never saw this issue before (in this constellation). We changed the severity of a bunch of trace-locations and hope there is enough data in the files to find the root cause of the issue when it happens again. We also patched the portal to the newest available SPS/PL.

    This is a really nasty situation.

    Regards

    Thomas

    Add comment
    10|10000 characters needed characters exceeded

  • avatar image
    Fabio Sarmento
    Mar 27, 2018 at 12:22 PM

    Hi Thomas,
    Do you know whether the PC where the affected users are facing the issue has the pop-up blocker activated?
    Did you take an httpwatch and check whether all domains and level of subdomains are the same?

    Check the following guided answer also:

    https://ga.support.sap.com/dtp/viewer/#/tree/1103/actions/12345

    Regards.
    Fabio Sarmento

    Add comment
    10|10000 characters needed characters exceeded