Configuring SAP HANA XS Session Security


For session security, SAP HANA XS automatically sets the HttpOnly attribute on the session cookie xsSessionId. However, the Secure attribute is not supported. If you use a reverse proxy (instead of SAP Web Dispatcher) in your system landscape, you can add this attribute by configuring the reverse proxy with a header rewrite rule on the Set-Cookie header.
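The following added example (not SAP code and not tied to a particular proxy product) models what such a rewrite rule has to do and how to check the result: append Secure only to the xsSessionId cookie, leave other cookies alone, and stay idempotent when the attribute is already present. The function names and the sample headers are constructed for illustration.

```python
COOKIE_NAME = "xsSessionId"           # session cookie name stated on this page
REQUIRED = {"httponly", "secure"}     # attributes the session cookie should carry

def parse(set_cookie_value):
    """Return (cookie name, set of lowercase attribute names) for one Set-Cookie value."""
    pair, *attrs = set_cookie_value.split(";")
    name = pair.split("=", 1)[0].strip()
    names = {a.split("=", 1)[0].strip().lower() for a in attrs if a.strip()}
    return name, names

def add_secure(set_cookie_value):
    """Append Secure to the session cookie unless it is already set (any casing)."""
    name, attrs = parse(set_cookie_value)
    if name != COOKIE_NAME or "secure" in attrs:
        return set_cookie_value
    return set_cookie_value.rstrip().rstrip(";") + "; Secure"

def rewrite_headers(headers):
    """Apply the rule to every Set-Cookie header in a list of (name, value) pairs."""
    return [(k, add_secure(v)) if k.lower() == "set-cookie" else (k, v)
            for k, v in headers]

def audit(headers):
    """List, per xsSessionId Set-Cookie header, which required attributes are missing."""
    findings = []
    for k, v in headers:
        if k.lower() != "set-cookie":
            continue
        name, attrs = parse(v)
        if name == COOKIE_NAME:
            findings.append(sorted(REQUIRED - attrs))
    return findings

# Constructed sample of backend response headers as seen by the proxy.
SAMPLE = [
    ("Content-Type", "application/json"),
    ("Set-Cookie", "xsSessionId=CONSTRUCTED0123; path=/; HttpOnly"),
    ("set-cookie", "theme=dark; Path=/"),
    ("Set-Cookie", "xsSessionId=CONSTRUCTED4567; Path=/; HttpOnly; SECURE"),
]

if __name__ == "__main__":
    print("before:", audit(SAMPLE))
    print("after: ", audit(rewrite_headers(SAMPLE)))
```

Running audit against headers captured on the client side of the proxy confirms that the rule is active on every path that issues the session cookie.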

Note

A token-based protection against cross-site request forgery (CSRF) is active by default in SAP Gateway and SAP HANA XS SAP Fiori OData services. It protects all modifying requests.

More Information

For more information about defining access to individual application packages in SAP HANA XS, see SAP Help Portal under Development and Modeling > SAP HANA Developer Guide for SAP HANA Studio > Setting Up Your Application > Creating the Application Descriptors > Enable Access to SAP HANA XS Application Packages.