Symptom
Starting with composable storefront 221121.1, the storefront can take advantage of an update to the Authorization Code Flow in SAP Commerce Cloud 2211-jdk21.1 that allows a custom composable storefront login page to be used instead of the authorization server login page.
After moving to SAP Commerce Cloud 2211-jdk21 and configuring a custom login page, some users are unable to visit the login page via Safari, Google Chrome in incognito mode, or Microsoft Edge. Comparing the HTTP request headers between a working session and a failing session reveals the following difference:
- Working request (csrf succeeds):
  - cookie: JSESSIONID={{JSESSIONID}}; JTENANTSESSIONID_{{tenant}}={{value}}; ROUTE={{route-value}}
  - sec-fetch-storage-access: active
- Non-working request (csrf fails):
  - no JSESSIONID and ROUTE
  - sec-fetch-storage-access: none
No cookie header is present in the failing request, and sec-fetch-storage-access is reported as none instead of active.
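An added example, not part of the SAP article: a Node.js triage helper that reads a browser HAR export and labels each request by the two header patterns listed above. The sample HAR, the host name and the cookie values are constructed placeholders.

```javascript
// Cookies the working request carries and the failing request lacks (per the Symptom list).
const REQUIRED_COOKIES = ["JSESSIONID", "ROUTE"];

// Return the cookie names found in a Cookie header value (empty list if absent).
function cookieNames(cookieHeader) {
  if (!cookieHeader) return [];
  return cookieHeader
    .split(";")
    .map((pair) => pair.split("=")[0].trim())
    .filter((name) => name.length > 0);
}

// HAR stores headers as [{name, value}]; header names are case-insensitive.
function headerValue(headers, name) {
  const hit = headers.find((h) => h.name.toLowerCase() === name.toLowerCase());
  return hit ? hit.value : null;
}

// Label one request: both symptom markers must agree, otherwise "inconclusive".
function classifyRequest(request) {
  const names = cookieNames(headerValue(request.headers, "cookie"));
  const missing = REQUIRED_COOKIES.filter((c) => !names.includes(c));
  const storageAccess = headerValue(request.headers, "sec-fetch-storage-access");
  let verdict = "inconclusive";
  if (missing.length === 0 && storageAccess === "active") {
    verdict = "matches-working";
  } else if (missing.length === REQUIRED_COOKIES.length && storageAccess === "none") {
    verdict = "matches-failing";
  }
  return { url: request.url, missing, storageAccess, verdict };
}

function classifyHar(har) {
  return har.log.entries.map((entry) => classifyRequest(entry.request));
}

// Constructed sample: one working, one failing, one partial capture.
const SAMPLE_HAR = { log: { entries: [
  { request: { url: "https://auth.example.test/login", headers: [
    { name: "Cookie", value: "JSESSIONID=aaa; JTENANTSESSIONID_t1=bbb; ROUTE=.node1" },
    { name: "Sec-Fetch-Storage-Access", value: "active" } ] } },
  { request: { url: "https://auth.example.test/login", headers: [
    { name: "sec-fetch-storage-access", value: "none" } ] } },
  { request: { url: "https://auth.example.test/login", headers: [
    { name: "cookie", value: "JSESSIONID=ccc" } ] } },
] } };

console.log(classifyHar(SAMPLE_HAR));
```

Requests labelled inconclusive show only one of the two markers and need a manual look at the full header set.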
Environment
- SAP Commerce Cloud 2211 for JDK21
Keywords
login, cookie, JSESSIONID, cross-site, third-party cookie, sec-fetch-storage-access, browser, Safari, incognito, Edge, custom domain, authorization server, KBA, CEC-SCC-PLA-PL, Platform, Problem
SAP Knowledge Base Article - Preview