Skip to Content
0
Former Member
Nov 10, 2008 at 01:59 PM

AS Java Session ID encoding scheme?

148 Views

We are in the process of implementing CRM 5.2 Web Client and are also implementing the B2B ICSS (Internet Customer Self Service) application for our customers and partners. My question is regarding the encoding of session IDs on AS Java. The CRM Web App uses Url64-encoded session IDs so all internal server information for the stateful application is not visible in the URL. The B2B ICSS application is on AS Java, and does not appear to use the same URL encoding scheme for the session ID.

Also, I should note we are using a Web Dispatcher for Reverse Proxy, Load Balancing, and URL Access Control.

ICSS URL (AS Java):

http://[alias hostname]/icss_b2b/resetSession2.do;jsessionid=([internal hostname]_CRD_00)ID0302800850DB00171010904548017364End;saplb_*=([internal hostname]_CRD_00)3491750?Standalone=yes&showmodulename=false

CRM URL (AS ABAP):

http://[alias hostname]/sap(bD1lbiZjPTIwMCZkPW1pbg==)/crm_logon/default.htm

I have referenced the below documentation on ABAP vs Java Session IDs. Does anyone know how/if the AS Java session information can be encoded in the URL so as to mask all internal information?

Session Identifiers:

http://help.sap.com/saphelp_nw70/helpdata/EN/93/33b504f33cb9468bf35f8fbda11294/frameset.htm

thanks,

John

Edited by: Stelling John on Nov 10, 2008 8:11 AM