SAP Note 1301591 - HTTP 400 - Session not found (Stateful HTTP communication)

Component : Internet Communication Framework - Authentication and SSO

Solution : https://service.sap.com/sap/support/notes/1301591 (SAP Service marketplace login required)

Summary :
This SAP Note addresses an issue where executing a HTTP request in the Internet Communication Framework (ICF) returns a "HTTP 400 - Session not found" error. It affects applications that require stateful HTTP communication, either via URL rewriting or cookies. The error results when HTTP requests either have invalid logon data or do not match the user data of the existing HTTP session. This issue is observed when security session management is active, generally post-NetWeaver 7.02. To resolve, ensure your application handles logon data correctly for stateful sessions or adjust the ICF configuration for user reauthentication. It's advised to carefully manage changes, noting the implications for transport requests and external alias use.

Key words :
sap internet communication framework team, active security session management, profile parameter icf/user_recheck = 0, internet communication framework, relevant netweaver application server, browser plug-ins, longer work due, terms security noteaccess, security session management, selected icf services

Related Notes :

1532874Upgrade: Changing the HTTP reauthentication
1521197Update #1 to Security Note 1517094
1517094CRM-IC: Session Access Token
1442046HTTP 400 - Session not found (for public & stateful Service)
1436525
1420203Enable foreign access to a stateful HTTP session
1322944
1302734Accessing the HTTP cookie "MYSAPSSO2" fails
1277022
977420ESID handling in the Internet Communication Framework
561793Using a stateful/stateless session in the ICF