Show TOC Entering content frame

Background documentation ABAP Session Identifier Locate the document in its SAP Library structure

The general form of the session identifier complies to the standard W3C proposal as described in “W3C Working Draft WD-session-id-960221” (see also www.w3.org/pub/WWW/TR/WD-session-id.html).

In order to facilitate the dispatching/routing of stateful HTTP sessions, the name of the application server hosting the session is included directly as a part of the session identifier string (see description of  <sap-server-name> below).

Note that the network host name is not sufficient to uniquely determine a specific SAP Web Application Server instance because there may be multiple application servers (even belonging to multiple SAP Systems) running on the same machine. Therefore we include the SAP System name and the SAP System instance number into the SAP server identifier.

This graphic is explained in the accompanying text

<sap-abap-sid> = URL-encode( SID:ANON:<sap-server-name> :<internal-id>-<mode> )

<sap-server-name> = <host-name> _<sap-system-id> _<sap-instance-number>

<internal-id>: Internal session identifier generated using a procedure with a negligible probability of collision. The identifier is encoded using Url64, a variant of the widely used Base64-encoding scheme that does not use the slash-character for compatibility with URI-path strings (see section The Url64 encoding scheme for a description).

Note that, as far as dispatching/routing of stateful HTTP requests is concerned, the only part of the session identifier that is needed is the <sap-server-name> string.

ExampleExample

SID:ANON:ls3022_BIN_12:VXJs82VIOdbyJChzNHUbrFGpo275YjC3XTsuZ4P0-ATT

This (URL-decoded) example identifies a session residing on an application server of the SAP System “ BIN” located on host “ ls3022” with SAP instance number 12. (Note that, when present in an actual HTTP-header, the colons “:” would be URL-encoded as “%3a”.)

Session ID as Cookie

This graphic is explained in the accompanying text      

Cookie: sap-contextid=<sap-abap-sid>

Session ID in URL

As opposed to standard J2EE URL-rewriting, the ABAP session IDs, when part of the URL, are represented in a proprietary encoding scheme (SAP URI parameter encoding) basically consisting of a Url64-encoded list of name-value pairs (each value itself URL-encoded) enclosed in parentheses (“()”) embedded between URL-path segments.

This graphic is explained in the accompanying text

<uri-path-segment> “(“ <Url64-encoded-name-value-pairs> “)” “/”…

<Url64-encoded-name-value-pairs> = Url64-Encode( <name-value-pairs> )

where <name-value-pairs> is a list of ampersand-separated name-value-pairs analogous to the standard HTTP query parameters (following the question mark (“?”) at the end of the URL) in the form <name> =URL-Encode( <value> ). See also RFC 2396; section 3.4 “Query Component”.

ExampleExample

/sap(bD1lbmcmcz1NWVNJRA==)/myapplications/foo/bar

where the Url64-encoded string bD1lbmcmcz1NWVNJRA== translates to the following list of name-value-pairs:

    l=eng&s=MYSID  (in general, the “value”-part of each pair is URL encoded)

The name of the name-value-pair denoting the session identifier is “s”. There may be other name-value-pairs present such as “l” (for sap-language). Only single-character names are used in order to save space when the strings are included into the URL.

 

Leaving content frame