Technology Blogs by SAP
Learn how to extend and personalize SAP applications. Follow the SAP technology blog for insights into SAP BTP, ABAP, SAP Analytics Cloud, SAP HANA, and more.
Showing results for 
Search instead for 
Did you mean: 
Active Contributor


As frequent Portal Users we are all aware of the important of session management and the pivotal role it plays towards adherence to security standards and best practices. Undoubtedly we may have all come across problematic scenarios with Session Management in association to the Enterprise Portal and these "problematic" scenarios can be mind boggling and pose serious threats to business processes and operations. In this blog posting we are going to troubleshoot and explore the DSM itself and some issues with different Web Browser Platforms.

What is the DSM?

DSM is short for Distributed Session Manager and is a key player in the whole process of using the Enterprise Portal.  In true essence we can consider the DSM to be a "Special Script" which is solely responsible for handling session management on an individual Portal Page.

DSM Mechanics

So let's say we have a user using the Enterprise Portal on a daily basis. When this user closes the browser window or navigates to another position, the browser sends a mass request to a dedicated portal component to end one or more open sessions (by default DSM.Terminator).

  • This component distributes the corresponding termination commands to the component systems. The Termination command then closes the server session.

To close the sessions, a small additional window is generated in the browser outside the visible screen area. This window is automatically closed after two seconds if the Transmission command has been processed. Since ITS-based services cannot be used directly in session management, the Automatic Server Session Termination works with a wrapper technique. A main page consists of:

  • An iFrame that displays the content coming from the ITS
  • A special script called the Distributed Session Manager (DSM) that is responsible for handling the session management on the page

DSM is simply...

  • Responsible for releasing both back-end sessions and Web Dynpro sessions.
  • If you run a HTTP Watch Trace you can validate the DSM in operation through noting the "DSMTerminator" calls within the trace.

Disabling DSM Popup's

So now we have established that DSM is responsible for session management handling on the page and on some occasions there might be a requirement to make the DSM run silently i.e. hide the popup which signifies its presence. On some occasions performance of the Portal Landscape plays a major role in how long the Popup may remain open and visible. There is an informative blog posting on this topic outlined below for your d cross-referencing:

Just remember that the DSM is not only for releasing backend-sessions but also webdynpro-sessions on the portal host.  The steps on how to disable the popup along with a comprehensive overview on the DSM ARE covered, described and outlined in the following documentation:

  • SAP KBA: 1805818 - How to permanently disable the Session Management alert popup in EP
  • SAP Note: 868477 - Disabling Session Management Alerts
  • SAP Note: 1830713 - Disabling Session Management Alerts in 7.3

As per the documentation outlined above for 7.3 there has been follow on issues with not being able to suppress the popup. In the symptom highlights we see that after disabling the DSM and restarting the Portal or logging out/and subsequently in again the DSM appears once more. In case of a Portal restart the default setting saved in the service configuration:

  • /applications/ for the entry "AlertSessionManagementMismatch" is used.

The path to set the parameter in SAP Netweaver 7.30 portal is as follows (and should be in the same in your instance):

    • /nwa > Configuration > Infrastructure > Application ModulesIn "Module List" search for "" and highlight it. Scroll down to "Web Module Details" and select "Common_Configuration"Scroll down to "Portal Service Details" and set the property called "AlertSessionManagementMismatch" to false.

If web servers and the client applications of the portal run on different domains, this affects important functions of the Client Framework, for example Client Eventing, Client Data Bag, Cross Navigation, Work Protect Mode or Session Management.

A system landscape that covers different domains in addition causes problems regarding the security. This restriction comes from client side(browser) due to the javascript same origin policy, it is not from portal side.

DSM Popup will not close

With Internet Explorer 7+ versions there are documented issues with the DSM Popup remaining open and this can be resolved via the application of:

  • SAP Note: 1401567 - DSM popup window pointing empty.gif does not close on IE7 and above