Why doesn’t my Session Terminate when I Log out from the Portal?

Session termination might not occur if:

you have a page with two or more Application Integration iViews.

Both iViews load content from the same back-end system.

That system has the ABAP HTTP Security Sessions Enabled property checked (SAP Note 1717945).

This is the first time that content from that back-end system is being pulled since you’ve logged into the portal.

You then perform log out from the portal.

Browsers are getting faster and faster.

In the case of the above scenario response to the first request (for the first iView) may be received after the request to the second iView has been sent:

As a result – two different values of SAP_SESSIONID_XX cookie, which is used by the same back-end, will be generated:

And logoff from the portal will invalidate only one of them, thus leaving the orphaned session opened in the back-end.

We recommend that you try to avoid having such content.

But if that is impossible to avoid, then the following workaround can be used:

1. under the current page create two (or more: one per each iView) pages

2. place each iView into a different page

3. on one of the child pages set Isolation Method property to URL (select this option from the drop-down list)

4. On the other child page set the Isolation Method property to Embedded (select this option from the drop-down list)

This way an additional request will be made in the flow for iView wrapped in the page with Isolation Method set to URL.

And that will slow the process down, so the response to that iView from the back-end will arrive later – after the response to the second iView has been sent.