Retrieving unique id for ICF security session in http handler?

Former Member — Tue, 21 Apr 2015 14:09:48 GMT

Hi,

We're implementing a check in an http handler which should only be executed once for an ICF security session.

HTTP Security Session Management is activated in the system (ref Activating HTTP Security Session Management on AS ABAP - User Authentication and Single Sign-On - SAP Library )

We need to get a unique id for the security session so that we can store a value indication that the check has been performed.

The HTTP handler where our code is running has as input an object implementing the IF_HTTP_SERVER interface (runtime class is CL_HTTP_SERVER_NET).

Here's our findings so far:

The client sends a unique id in the cookie SAP_SESSIONID_<sid>_client , but this is not accessible in the HTTP handler.
(which is good due to security considerations)
CL_HTTP_SERVER_NET has the security session id in an attribute M_SECURITY_SESSION_COOKIE, but this is protected and therefore not accessible
IF_HTTP_SERVER has a session_id, but this changes on every request (the icf application is stateless and session_id here is not the ICF security session id)
Function module TH_GET_SESSION_ID has a session_id, but this changes on every request (so is not the ICF security session)
The ICF security session is stored in table security_context. Here the field ID is a context id that has been converted from sessionid.It's therefore a unique id for the session id and fit for our purpose. However, there may theoretically be more than one session pr user.Is there a direct way of getting the current context id from the current session?

Any input?

Regards

Dagfinn

Re: Retrieving unique id for ICF security session in http handler?

Former Member — Tue, 21 Apr 2015 16:21:52 GMT

Have you tried


data ls_context type security_context.

try.
    call method cl_http_security_session_admin=>get_current_session_context
      receiving
        context = ls_context.
  catch cx_http_security_session_admin .
endtry.

Re: Retrieving unique id for ICF security session in http handler?

Former Member — Tue, 21 Apr 2015 18:11:26 GMT

Great!

This seems to be what we where looking for.

topic Re: Retrieving unique id for ICF security session in http handler? in Application Development and Automation Discussions

Retrieving unique id for ICF security session in http handler?

Re: Retrieving unique id for ICF security session in http handler?

Re: Retrieving unique id for ICF security session in http handler?