Showing results for 
Search instead for 
Did you mean: 

HTTP 400 error when opening iview URL from java portal in Chrome

0 Kudos

Hello all,

I have a strange 'HTTP 400 - Session not found' error when opening iview URL from java portal in Chrome. The same is working fine in Internet Explorer. The link which is called is via a webdispatcher and is pointing to a webdynpro service from an ABAP sytem. If I call the webynpro service separately in Chrome, https://sapweb***.com/sap/bc/webdynpro/sap/service***, again it is working fine. If I inspect the page in Chrome, the link which the java portal is trying to open is https://sapweb***.com/sap/bc/webdynpro/sap/service***;sap-ext-sid=3RDUCKYcDqTC3xcFhkMc8A--JaNxy9tRlt.... If I test this, I get the HTTP 400 error response.

Also, in the java logs the following error is generated:

Cannot process an HTTP request to servlet [dispatcher] in [webdynpro/resources/] web application.

[EXCEPTION] Wrong Web Dynpro URL: "../<URL prefix>/<deployableObject>/<application>/xx?..". xx is not allowed without exchange key. Retrieved URI: /webdynpro/resources/

Did anyone encountered this issue or something similar?

Accepted Solutions (0)

Answers (2)

Answers (2)


Hello all, I finally managed to resolve the issue. If someone will have the same issue, the SameSite cookie is causing the issue in Chrome

I applied SAP Note 2887651 - Issues with SameSite cookie handling

Reason and Prerequisites

Google Chrome will roll out an incompatible change regarding the “SameSite” cookie attribute starting Feb 17, 2020. All cross-domain browser scenarios could be critically affected.

I inserted in the webdispatcher the following parameter

Insert the line "icm/HTTP/mod_0 = PREFIX=/, FILE=<rule_file>", where rule_file points to a writable file in your file system

And create a rule_file:

Appendix A: Simplified rule set for pure HTTPS scenarios

If you know that only the HTTPS protocol is used in your scenario, you can use the following simplified rule set. For example, this is the case for all SAP cloud products.

if %{RESPONSE_HEADER:set-cookie} !strcmp "" [AND]

if %{HEADER:user-agent} regmatch "^Mozilla" [AND]

if %{HEADER:user-agent} !regmatch "(Chrome|Chromium)/[1-6]?[0-9]\." [AND]

if %{HEADER:user-agent} !regmatch "(UCBrowser)/([0-9]|10|11|12)\." [AND]

if %{HEADER:user-agent} !regmatch "\(iP.+; CPU .*OS 12_.*\) AppleWebKit\/" [AND]

if %{HEADER:user-agent} !regmatch "\(Macintosh;.*Mac OS X 10_14.*(Version\/.* Safari.*|AppleWebKit\/[0-9\.]+.*\(KHTML, like Gecko\))$"


RegIRewriteResponseHeader set-cookie "^([^=]+)(=.*)" "$1$2; SameSite=None; Secure"

RegIRewriteResponseHeader set-cookie "^([^=]+)(=.*; *SameSite=[a-zA-Z]+.*); SameSite=None; Secure" $1$2

RegIRewriteResponseHeader set-cookie "^([^=]+)(=.*; *Secure.*); Secure" $1$2


Restart the webdispatcher, and the error is gone.

Active Contributor
0 Kudos

Hi Alex

Refer to the SAP Wiki link to troubleshoot the http error.