Skip to end of metadata
Go to start of metadata

If the HTTP Security Session Management is activated (see transaction SICF_SESSIONS), session contexts are saved in a local cache, so that session inactivity timeout monitoring can be performed. This cache has a fixed size. If there are not any free cache entries available when the new HTTP Security Session is created, the error "HTTP security context cache is full" is triggered. The current used capacity of the local server cache is displayed in the transaction SM05.

 

To resolve the problem in acute circumstances, you should reduce the retention period of the cache entries by setting the profile parameter http/security_session_timeout to a lower value. Transaction RZ11 allows you to dynamically change this value, in other words, without restarting. To avoid the problem, you should either increase the cache size (profile parameter http/security_context_cache_size) and/or reduce the cache retention period (profile parameter http/security_session_timeout).

 

If the majority of the security sessions in SM05 belong to specific ICF services (for example polling services), for which HTTP Security Session Management is not needed, then it may be an option to deactivate Security Session Management for the affected ICF services. This can be adjusted in the transaction SICF, on the tab Logon Data, with the dropdown field "Security Sessions" - see SAP Note 1947241 for details. In general, SAP recommends to keep HTTP Security Session management active as a client wide setting (transaction SICF_SESSIONS). The before mentioned deactivation should apply only to specific services, for which session management is not needed. For background information about Security Session Management, see SAP Note 1322944.

 

Note: If the HTTP security session management is active in the system, the parameter login/create_sso2_ticket should be adjusted to "3" (Generate assertion ticket). The settings "1" and "2" (Generate SSO ticket) are likely to interfere with the automatic logoff functionality of the security session management. This may lead to HTTP sessions getting stuck in SM05, which may cause "HTTP security context cache is full" errors.

 

Related SAP Notes/KBAs

SAP Note 1322944: ABAP: HTTP security session management

SAP Note 1562004: Option: Issueing assertion tickets without logon tickets

SAP Note 1947241: Setting secure session restriction for a specific ICF service

SAP Note 1899896: Security Sessions / Application Sessions - and timeouts

 

1 Comment

  1. Kindly refer to the recently released note 2760552 which provides insights on root causes and proper countermeasures.