
Protecting User Information

Logon tickets are used as authentication "tokens" and should therefore be protected from unauthorized use.

The measures we take for protection include:

·        Logon tickets are only sent to Web servers or SAP Web Application Servers that are located in the same DNS domain as the Web server that issued the ticket.

·        Logon tickets are stored in the Web browser's main memory and are not written to disk. A user's authentication information is therefore no longer available to services after the user closes his or her Web browser.

·        Logon tickets expire after a designated period of time as specified in the profile parameter login/ticket_expiration_time (default = 60 hours).

The measures you should use include:

·        Use HTTPS to protect the communication paths.

·        Define a specific DNS domain where the ticket is to be used.

·        Your end users should protect access to their open Web browsers. In particular, they should activate password-protected screen savers.
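As an added illustration (not SAP code), the following sketch audits a Set-Cookie header value against three of the properties listed above: HTTPS-only transport, storage in browser memory only, and a specific DNS domain. It assumes the logon ticket is carried in a cookie named MYSAPSSO2; the header values and domain names are constructed.

```python
from http.cookies import SimpleCookie

# Assumption: the logon ticket is carried in a cookie with this name.
TICKET_COOKIE = "MYSAPSSO2"


def audit_ticket_cookie(set_cookie_value, ticket_domain):
    """Return findings for one Set-Cookie header value.

    ticket_domain is the specific DNS domain the ticket is meant for.
    """
    jar = SimpleCookie()
    jar.load(set_cookie_value)
    if TICKET_COOKIE not in jar:
        return ["no-ticket-cookie"]
    morsel = jar[TICKET_COOKIE]
    findings = []

    # HTTPS only: without Secure the browser also sends the ticket over HTTP.
    if not morsel["secure"]:
        findings.append("missing-secure")

    # Memory only: Expires/Max-Age would make the browser persist the ticket.
    if morsel["expires"] or morsel["max-age"]:
        findings.append("persistent-cookie")

    # Domain scope: no Domain attribute means host-only, the narrowest scope.
    scope = morsel["domain"].lstrip(".").lower()
    wanted = ticket_domain.lstrip(".").lower()
    if scope and scope != wanted:
        if wanted.endswith("." + scope):
            findings.append("domain-too-broad")
        else:
            findings.append("domain-mismatch")
    return findings


# Constructed sample headers (not captured from a real system).
GOOD = "MYSAPSSO2=CONSTRUCTED_VALUE; Domain=.sso.example.com; Path=/; Secure"
BAD = "MYSAPSSO2=CONSTRUCTED_VALUE; Domain=.example.com; Path=/; Max-Age=216000"

if __name__ == "__main__":
    for header in (GOOD, BAD):
        print(audit_ticket_cookie(header, "sso.example.com") or "ok")
```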

 


 
