Skip to Content
Dec 16, 2018 at 08:48 PM

SECURITY_CONTEXT clearing for REST Service


Hi Members,

We have a created a custom REST webservice to create material in SAP MDG system.

The service is created via SICF making use of a handler class 'CL_REST_HTTP_HANDLER'.

This service is called by an external non SAP client and uses GET and POST operations to create the material.

As per standard SAP documentation, in the GET call the CSRF token is retrieved and the same is passed in the POST. The service work fine as expected.

However in case of bulk messages from the external system, the HTTP security context cache gets full as every call made by the external system generates a new context.

I went through the earlier posts and have seen that the only way to solve is to increase the cache size or reduce the timeout parameter.

I tried setting the timeout paramter in the SICF service lesser than the parameter http/security_session_timeout. However still it considers only the http/security_session_timeout parameter.

Is there any way to resolve this? How can the session context be deleted immediately once the post call is done?