Hi Luk,
If ABAP side has enabled HTTP security session management, you have to set the same for EP, so that EP can connect to ABAP with corresponding "protocol".
You can check the ABAP side as per note 1322944.
Usually I'd check HTTP Watch trace and in case there's a cookie "SAP_SESSIONID_<SID>_<CLNT>" - that's it Image may be NSFW.
Clik here to view.
LB should not be a concern for most cases - it should pass everything honestly.
But make sure the pop-up blocker is disabled for concerned hosts.
BR, Tom
