Application Development and Automation Discussions

Retrieving unique id for ICF security session in http handler?

Former Member

Hi,

We're implementing a check in an http handler which should only be executed once for an ICF security session.

HTTP Security Session Management is activated in the system (ref Activating HTTP Security Session Management on AS ABAP - User Authentication and Single Sign-On - SA... )

We need to get a unique id for the security session so that we can store a value indicating that the check has been performed.

The HTTP handler where our code is running has as input an object implementing the IF_HTTP_SERVER interface (runtime class is CL_HTTP_SERVER_NET).

Here are our findings so far:

  1. The client sends a unique id in the cookie SAP_SESSIONID_<sid>_client, but this is not accessible in the HTTP handler (which is good due to security considerations).
  2. CL_HTTP_SERVER_NET has the security session id in an attribute M_SECURITY_SESSION_COOKIE, but this is protected and therefore not accessible.
  3. IF_HTTP_SERVER has a session_id, but this changes on every request (the ICF application is stateless and session_id here is not the ICF security session id).
  4. Function module TH_GET_SESSION_ID has a session_id, but this changes on every request (so it is not the ICF security session).
  5. The ICF security session is stored in table security_context. Here the field ID is a context id that has been converted from sessionid. It's therefore a unique id for the session id and fit for our purpose. However, there may theoretically be more than one session per user. Is there a direct way of getting the current context id from the current session?

Any input?

Regards

Dagfinn


1 ACCEPTED SOLUTION
Former Member

Have you tried


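data ls_context type security_context.

try.
    " Read the context of the security session the current request belongs to
    call method cl_http_security_session_admin=>get_current_session_context
      receiving
        context = ls_context.
  catch cx_http_security_session_admin.
    " Context could not be read; ls_context stays initial
endtry.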
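
The call suggested above, used for the once-per-security-session check from the question, as an added example that is not code from the thread or from SAP. The class ZCL_ONCE_PER_SESSION, the method RUN_CHECK and the table ZSEC_SESSION_CHECK (key MANDT and CONTEXT_ID, typed like SECURITY_CONTEXT-ID) are hypothetical names.

```abap
" Added example. Hypothetical names: class ZCL_ONCE_PER_SESSION, method
" RUN_CHECK, and table ZSEC_SESSION_CHECK (key: MANDT, CONTEXT_ID typed
" like SECURITY_CONTEXT-ID).
CLASS zcl_once_per_session DEFINITION PUBLIC FINAL CREATE PUBLIC.
  PUBLIC SECTION.
    INTERFACES if_http_extension.
  PRIVATE SECTION.
    METHODS run_check RETURNING VALUE(rv_ok) TYPE abap_bool.
ENDCLASS.

CLASS zcl_once_per_session IMPLEMENTATION.
  METHOD if_http_extension~handle_request.
    DATA ls_context TYPE security_context.
    DATA ls_marker  TYPE zsec_session_check.

    TRY.
        ls_context = cl_http_security_session_admin=>get_current_session_context( ).
      CATCH cx_http_security_session_admin.
        CLEAR ls_context.
    ENDTRY.
    IF ls_context-id IS INITIAL.
      " No security session context: fail closed rather than skip the check.
      server->response->set_status( code = 403 reason = 'Forbidden' ).
      RETURN.
    ENDIF.

    " Marker already stored for this security session: nothing to do.
    SELECT SINGLE context_id FROM zsec_session_check
      INTO ls_marker-context_id
      WHERE context_id = ls_context-id.
    IF sy-subrc = 0.
      RETURN.
    ENDIF.

    IF run_check( ) = abap_false.
      server->response->set_status( code = 403 reason = 'Forbidden' ).
      RETURN.
    ENDIF.

    " Record success only. Two parallel first requests may both run the
    " check; the second INSERT then returns sy-subrc = 4, which is harmless.
    ls_marker-context_id = ls_context-id.
    INSERT zsec_session_check FROM ls_marker.
  ENDMETHOD.

  METHOD run_check.
    rv_ok = abap_true. " placeholder for the application's own check
  ENDMETHOD.
ENDCLASS.
```

Marker rows outlive the security sessions they belong to, so the table needs a periodic cleanup.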


Great!

This seems to be what we were looking for.