cancel
Showing results for 
Search instead for 
Did you mean: 

Authentication cookie "X-SMP-SESSID"

jangold
Explorer
0 Kudos

Hi,

I would like to know where is the authentication cookie "X-SMP-SESSID" saved.

I am sending request through SMP server, where the user is authorized against LDAP.

Once the request is authorized (using user credentials) my application received the authentication cookie "X-SMP-SESSID" which is used for other communication/requests.

I am using RequestManager for sendind requests (http://help.sap.com/saphelp_smp304sdk/helpdata/en/7c/0af96670061014918bdb57db036f71/content.htm) and I would like to know:

  • where is this cookie stored?
  • can I delete it somehow?
  • has the cookie any expiration and if yes can I set it and if yes where?

Thank you for any information about this cookie,

Jan Gold

Accepted Solutions (1)

Accepted Solutions (1)

Jitendra_Kansal
Product and Topic Expert
Product and Topic Expert
0 Kudos

Hi Jan,

With the latest release of SMP 3.0 SP04 server, i dont find any need of passing returned cookies (e.g. X-SMP-SESSID) details for further communications. But cookie values were required with SMP 3.0 SP03 runtime.

These cookie values are session specific and are valid till session expires. I have tried with REST API app development approach E2E but without passing above cookie value, i was able to execute. Which SMP server version you are working on?

Regards,

JK

jangold
Explorer
0 Kudos

Hi Jetendra,

I am using SMP 3.0 SP4 PL1.

Where did you find that cookie values were required with SMP 3.0 SP03? If you know about any documentation material please specify the source.

How did you test the REST API? Are you really sure, that your request does not contain this cookie? Try wireshark (Wireshark · Go Deep) and take a look on the requests and responds ;-).

I agree with you, that this cookie is session specific, becouse it used until I finish/kill the application, but I would like to be sure about that, that is why I am looking for any documentation about this cookie.

Regards,

Jan Gold

Jitendra_Kansal
Product and Topic Expert
Product and Topic Expert
0 Kudos

Where did you find that cookie values were required with SMP 3.0 SP03? If you know about any documentation material please specify the source.

Check this thread:

While working on SP04, i didnt pass any returned cookies value for making POST, PUT, delete request and it worked for me.

Maybe , can share more points on this.

Regards,

JK

jangold
Explorer
0 Kudos

Hi Jitendra,

as I can see you are using REST client, fine no problem. I am not using REST client, I am creating android application and I am using RequestManager from latest SDK.

I do not know hou did you set up authorization on SMP but my "problem" is not in making/sending request with method POST, PUT, DELETE.

I just would like to know some detailed information to this cookie as I already mentioned.

Regards,

JG

D_Olderdissen
Advisor
Advisor
0 Kudos

From my understanding, SMP3 is issuing this session cookie and an XSFR token by default. You can set the session time out (default 20 min) in the context.xml - see SAP Help here.

I believethis is "standard" Tomcat behavior and we just renamed the cookie. So by researching how Tomcat handles his session cookie you should be able to figure out where it is stored.

When the session cookie is deleted/removed on the client, I would expect the system to request an authentication again. So if you got your credentials saved, things probably still work as you simply will get  authenticated again and a new session cookie is issued.

My two cents 🙂

Cheers,

Dirk

jangold
Explorer
0 Kudos

Hi Dirk,

thank you at least for information about SMP server.

Anyway I could not find how Tomcat handles session cookies but I finally find out class SUPRoute where are cookies stored in OData SDK.

After deleting this cookies it runs nice and smoothly.

One cent for you and if you do not mind, one cent for me.

Best regards,

JG

Answers (0)