Technology Blogs by SAP
Learn how to extend and personalize SAP applications. Follow the SAP technology blog for insights into SAP BTP, ABAP, SAP Analytics Cloud, SAP HANA, and more.
Showing results for 
Search instead for 
Did you mean: 
Product and Topic Expert
Product and Topic Expert
In this blogpost I will describe the steps to fix the Chrome SameSite Cookie issue that can occur with SAP Analytics Cloud and HANA Live Connections using the XS Engine on premise.

I am using Google Chrome 84 and the SameSite Cookie change has come into effect, which prevented a number of my dashboards from rendering.

The impact of this is that you maybe your SAC dashboards aren't loading, perhaps you're seeing these error messages.
Http Status: 403 Forbidden

Error Protocol (#50) Cannot fetch csrf token from server


Chrome Developer Tools has a new "Issues" tab where we can identify these problems.

Figure 1: Chrome Developer Tools, Issues

Samesite cookies have been expertly explained by dong.pan in detail here.

In this blog post I have captured only the steps required for SAC Live Connections to SAP HANA 1.x or 2.x using the XS engine.

1. Create rewrite.txt

This file resides on the HANA filesystem, it should be in somewhere accessible to the HDBADM or equivalent user. Recommended location would be here

The contents of the file is as follows
SetHeader sap-ua-protocol ""
if %{HEADER:clientprotocol} stricmp http [OR]
if %{HEADER:x-forwarded-proto} stricmp http [OR]
if %{HEADER:forwarded} regimatch proto=http

SetHeader sap-ua-protocol "http"

if %{HEADER:clientprotocol} stricmp https [OR]
if %{HEADER:x-forwarded-proto} stricmp https [OR]
if %{HEADER:forwarded} regimatch proto=https

SetHeader sap-ua-protocol "https"

if %{HEADER:sap-ua-protocol} strcmp "" [AND]
if %{SERVER_PROTOCOL} stricmp https

SetHeader sap-ua-protocol "https"

if %{RESPONSE_HEADER:set-cookie} !strcmp "" [AND]
if %{HEADER:sap-ua-protocol} stricmp https [AND]
if %{HEADER:user-agent} regmatch "^Mozilla" [AND]
if %{HEADER:user-agent} !regmatch "(Chrome|Chromium)/[1-6]?[0-9]\." [AND]
if %{HEADER:user-agent} !regmatch "(UCBrowser)/([0-9]|10|11|12)\." [AND]
if %{HEADER:user-agent} !regmatch "\(iP.+; CPU .*OS 12_.*\) AppleWebKit\/" [AND]
if %{HEADER:user-agent} !regmatch "\(Macintosh;.*Mac OS X 10_14.*(Version\/.* Safari.*|AppleWebKit\/[0-9\.]+.*\(KHTML, like Gecko\))$"

RegIRewriteResponseHeader set-cookie "^([^=]+)(=.*)" "$1$2; SameSite=None; Secure"
RegIRewriteResponseHeader set-cookie "^([^=]+)(=.*; *SameSite=[a-zA-Z]+.*); SameSite=None; Secure" $1$2
RegIRewriteResponseHeader set-cookie "^([^=]+)(=.*; *Secure.*); Secure" $1$2


2. Webdispatcher.ini Parameter

Using HANA Studio, connect to the SYSTEMDB

Navigate to the Configuration -> WebDispatcher -> Profile

Figure 2: HANA Studio, Add Parameter

Add a new System Parameter

Figure 3: Assign Values to System

Change the FILE path as appropriate, to match your rewrite.txt. In my case the HANA SID is HDB.
## Key

## Value
PREFIX=/, FILE=/hana/shared/<SID>/profile/rewrite.txt

Figure 4: Add icm/HTTP/mod_0 key


3. Restart webdispatcher Service

For this setting to become active we need to restart the Webdispatcher.
This can be easily done by killing the service. It will then restart automatically

Figure 5: Kill the webdispatcher service

Logout and login to your live HANA based SAC story or Analytical Application. All should now be working again 🙂

If not check the

  • Chrome Developer Tools Console for errors and or issues.

  • Cookies - check to see if any are being blocked