That was hopefully only a temporary issue, please report back if you still encounter issues here.

Can you describe this "first workaround" - What it does and how we know?

I saw a pop-up yesterday informing me that I have been logged out (I certainly had the discussion only open for 10 seconds at that time) Are you talking about this information pop-up or anything else?

Sure! We weren't really able to find a "smoking gun", i.e. a tracable or identifyable single error source even when we tried to reproduce it. Therefore, we needed to implement some measures to fix possible situations which could lead to the erroneous CSRF detection by the core framework of SAP Answers (the infrastructure which is maintained by the external vendor as outlined by Oliver in the other thread).

The first possible situation is that the session identifier which is used to detect CSRF attacks changed over time for whatever reason (e.g. you became logged off and logged on again on another tab) while you are using SAP Answers. Another issue could be that your session expired while you still have one or more tabs open. A third option could be that your client doesn't accept certain cookies or some important session cookies were deleted (e.g. by a add-on/plug-in or manually).

We now check continuously in the background while you use SAP Answers if the session identifier has changed. In case it has changed and you are still or again logged on we repair the state of the page silently so that you don't lose data and you are not bugged with pop-ups. In case you were logged off, we notify you so that you can save your data in case you started to create or edit a post. In case your session data has become completely invalid, we also inform you and ask you to logoff and logon again after you have saved your data. That's basically the first version.

So you're now saying that you got the popup already after having a discussion open for only 10 seconds. Do you still remember if you had other SAP Answers tabs opened? Moreover, it would be interesting which browser (including add-ons) you are using and if your machine just recovered from standby... Especially if you can reproduce it somehow.

Thanks and best regards, Sebastian

It can be that I had other questions open. That's is very usual for me. I am using the Chrome browser, with AdBlock, Cisco Webex Extension and RSS Reader. I can't really reproduce it, I just realized that I did not have a loss for many days, because after I finish writing I do a Ctrl+C to avoid this potential loss. It looks too me that this activity is giving a breathless server some time to accept finally the answer without running into that issue.

Test comment to reproduce the issue!

Interesting bug:

I have created test comment to reproduce the old bug (with long delay before final posting). It was saved without issues. Then I selected Delete for the mentioned comment. It was not deleted and now I have no option to delete it 🙂

Seems that there was an issue during deletion... I restored the statuses, please try again.

Looks like it was some temporary issue - just created new comment and was able to delete it!

Hello Sebastian,

I just had this issue while answering a question. Twice I got the error and both times I lost my content (second time around I was smart enough to copy it before submitting). After refreshing the whole page I could finally post my answer.

So something still seems to be amiss.

.

Regards,

Steffi.

Hi Steffi,

I'm really sorry for that! Didn't you get at least a popup which informed you about the session inconsistency? Could it be that the time to write your answer took less than a minute?

Anyway, any information which could help us to identify the root cause would be highly appreciated. We're especially looking for actions which you did before you started answering the question (e.g. following a link form another page, long inactivity etc.), which other tabs related to the SAP Community you had still open and which browser incl. add-ons you are using.

Thanks in advance and best regards, Sebastian

Hello Sebastian,

I use IE11 with no add-ons (I know of).

No popup appeared. Just the message Jürgen posted in the start post after I submitted my answer.

It took me a bit more than a minute to write the answer, because I checked some info in my system while doing so.

I jumped to the question via the q&a overview page (https://answers.sap.com/index.html) having it filtered by my followed tag "SAP Identity Management" (so the url would be https://answers.sap.com/tags/01200615320800000721).

I wasn't inactive while writing it. Took me probably less than 10 minutes to finalize it; during that time I still changed and added to the content, so no real inactivity.

Sadly I don't remember having any other SCN tabs open at the time. Maaaybe the CC (https://answers.sap.com/content/kbentry/list.html) or my Notifications (https://activities.sap.com/#/notifications).

Hope this helps a bit. 🙂

.

Regards,

Steffi.

OK, nothing special concerning your local environment and it took longer than a minute to write. You should have received a notification in case the session became invalid. So either the session became invalid in the last minute before you posted the answer or you have enabled some kind of blocker for messages in your browser.

Anyway, it seems that we need to refine the workaround a bit. Thanks for the reply and again sorry!

Best regards, Sebastian

Hi Sebastian,

Can you look on https://answers.sap.com/questions/129954/bug-missing-delete-commentanswer-option.html

Happened second time!