Page tree
Skip to end of metadata
Go to start of metadata

The HTTP 400 "Session not found" error usually occurs when the backend session is missing, or the browser session can not be connected to the backend session Depending on the release, the error message may also be HTTP 400 "Session Timed Out", so the below explanation is also valid if for unjustified "Session Timed Out" errors - for example, when this error occurs right after the user has logged on, and the timeout period has not yet passed. For more information, please check the following wiki page.


Anonymous logon/Re-authentication

Make sure that there is no User/Password set directly for sicf service /sap/bw/ina, or any of its subnodes like GetServerInfo and GetResponse. 

The User recheck (Re-authentication) is activated/checked based on the following conditions(in the same order as it is written here):

  • if the security session management is active - transaction SICF_SESSIONS (OR)
  • if the profile parameter "icf/user_recheck" is set to 1 (OR)
  • if the flag "Deactivate for Service" is "Yes"

When receiving a HTTP request for an existing HTTP session, the ICF proceeds as follows:

  • If the HTTP request contains invalid logon data, the error code "400 Session not found" is processed.
  • If the HTTP request contains valid logon data but the relevant user is not identical to the user from the existing session, the error code "400 Session not found" is also processed.
  • If the HTTP request contains valid logon data and the relevant user is identical to the user from the existing session, the HTTP request is processed.

It practically means that if anonymous logon is set, but somehow user is still get a logon screen, (for example when creating a connection User/Password is needed to be added in order to save the connection), the logon to the backend will fail (User/Password set in SAC does not fit to the User/Password set for the SICF service), therefore no SAP_SESSIONID is being set by the server. SAP_SESSIONID cookie needs to be part of the POST requests like /sap/bw/ina/Getresponse , which is required for statefull application like SAC BW Live. Therefore POST requests will fail with error BW_INA_GR_NA_ERROR.

For more information about re-authentication, please check the following NOTE:
1301591-HTTP 400 - Session not found (Stateful HTTP communication)

SameSite cookie

If SameSite cookie attribute is not set on the server side, the browser removes the SAP_SESSIONID cookie from the POST requests like /sap/bw/ina/Getresponse , which is required for statefull application like SAC BW Live. Therefore POST requests will fail with error BW_INA_GR_NA_ERROR. For more information check the following page

Load Balancing issue

This situation may occur in systems with multiple application servers, using an HTTP load balancer - such as the SAP Web Dispatcher or third party load balancers like F5.
The solution is described in NOTE 2908290 - Disregard session information for CORS preflight requests. The correction treats OPTIONS requests as stateless (i.e. ignore any session ID). This works, because from the browser point of view, all that matters is that the response code is 200 OK and that the response contains a Access-Control-Allow-Methods header. Therefore, it is not important which app server was processing the OPTIONS requests.

The way how to easily find out that the http request tackles the wrong application server, is being described here.
However session stickiness is important in case of POST requests like /sap/bw/ina/GetResponse calls. The best way would be to implement an iRule that extracts the session ID from the URL and uses it for session stickiness. This is how the SAP Web Dispatcher works.

Timeout parameter configuration

The timeout parameter configuration is described in detail here.

BICS InA LogOff: Dump in Multisession Mode

BICS INA implementation has it own Logoff service (/sap/bw/ina/Logoff). As SAC BW Live can open more than one ABAP session by having HTTP call with suffix sessionviaurl=x, it is also needed that the Logoff service is triggered for each. Without NOTE 2562845-BICS InA LogOff: Dump in Multisession Mode, only one session is closed and the upcoming Logoff calls want to close also the the already closed session that does persist at that point, hence HTTP 400 Session not found error occurs. ABAP dump can also be found in this case in transaction ST22.

Category               ABAP programming error
Runtime Errors         MESSAGE_TYPE_UNKNOWN
ABAP Program           CL_BICS_INA_HTTP_HANDLER_LOGOFCP
Application Component  BW-BEX-OT-BICS-INA
Date and Time          XX.XX.XX XX:XX:XX

  • No labels