Generated by Jive on 2014-07-18+02:001

Portal logoff does not terminate the backendsession and user2 can see the details ofuser1 on portal

You are using appintegrator iviews to integrate backend applications on portal. User1 logs on to the portal andaccess business applications through iviews. User1 logs off from the portal and does not close the browserwindow. Now User2 logs on to the portal and access the same application and User2 can see the details whichshould be available to User1 only.

It's a very common issue and the KBA 1717945 has been released, but customers do not follow the steps as inthe KBA.

Important Points before raising an incident on service market place:1. Check if Pop-up Blocker for portal hostname is enabled. After you logged to the SAP Portal, you are

advised to disable Pop-up Blocker for portal hostname for proper functioning of session release.Open Pop-up blocker settings in the browser and check it.

Portal logoff does not terminate the backend session and user2 can see the details of user1 on portal

Generated by Jive on 2014-07-18+02:002

2. Check portal version and SP level matches the recommended version and SP level as per SAP Note1471069 .1471069 - Security Note - ABAP Security Sessions and SAML 2.01757810 - How to get the complete list of software components on your NetWeaver Application ServerJava

3. Check whether the backend system has enabled HTTP security session management or not. SAP BasisComponent SAP_BASIS should match the version as recommended in SAP Note 1322944.1322944 - ABAP: HTTP security session managementSystem -> Status... -> Component Information

4. Check the property 'ABAP Security Sessions Enabled' to 'Yes' in the portal system object, per Note1471069. Note: if you are not using HTTP Security Session Management on the backend, this valuemust be set to 'No'.System Administration > System Configuration > System Landscape > Open System Object properties

Portal logoff does not terminate the backend session and user2 can see the details of user1 on portal

Generated by Jive on 2014-07-18+02:003

5. Verify that a USR_LOGOFF notification is sent to http:///sap/public/bc/icf/logoff on logofffrom the portal in HttpWatch tace.Also check whether the service /sap/public/bc/icf/logoff is enabled on the backend using transactionSICF.

6. If you are using BSPs, check the property PortalSessionID.If the value of the PortalSessionID property is empty in the BSP iView, enter (including the angle brackets).

Portal logoff does not terminate the backend session and user2 can see the details of user1 on portal

Generated by Jive on 2014-07-18+02:004

Content Administration > Content Management > Portal Content > Browse into your BSP iview and openiview properties