|
| Abstract | WebSphere Application Server with iPlanet 4.1 Session Management SessionId and Session Data incorrectly handled from Actual URI when using URL rewriting | | Content | Problem:
iPlanet removes the session information from the actual URI Request. When the plugin looks for the session information at the end of the request it is not there. Background:
Customer was able to reproduce loss of cookie information on second request in the following configurations:- WebSphere Application Server V3.5.4, V3.5.5, and V3.5.6
- iPlanet V4.1 SP7 and SP9
- Solaris 2.6 (but would happen on multiple platforms)
Customer's test procedure:1. User tests with a session enabled servlet. WebSphere ships the BeenThere servlet for testing with sessions.
2. Requests URL: http://localhost/webapp/examples/BeenThere- Enable plugin trace in bootstrap.properties, then stop and restart the webserver prior to testing.
- Specify more than one request in order to reuse the cookie that is issued on the first request.
3. After submitting request, check the plugin trace log for evidence that the cookie was reused. - Below is an excerpt from a plugin trace:
Trace - version=1 Trace - scheme=http Trace - method=GET Trace - protocol=HTTP/1.1 Trace - req_uri=/webapp/examples/BeenThere ... Trace - req_uri=/webapp/examples/BeenThere Trace - query_string=count=100&stats=false&log=false ... Trace - Header 3:connection = Keep-Alive Trace - Header 4:cookie = sesessionid=0001SMQ1VBZ2QZJ1VZQQTVUUFLQ ... - If the session data was lost, session value would be None AND each line in the BeenThere output would have Count = 1.
Analysis of plugin data:
WebSphere plugin trace file (e.g. trace.log.ns....) only informs you that URL Request's "Session Id (null)"
Resolution: - This is not a WebSphere Application Server plugin defect.
- The customer had NSServletNameTrans function specified in their obj.conf file.
- This NameTrans function manipulates the request (removing the sessionId from the URI Request).
- Commenting the below line out in the obj.conf file NameTrans fn="NSServletNameTrans" name = "servlet" will prevent the sessionId from being removed.
- This line is given by activating the servlet engine in iPlanet webserver via the iPlanet admin console. It is activated by default on iPlanet in versions greater than 4.1.0.
| |
| | | Historical Number | 15208
660
706 | |
| |
|
Product categories: Software, Application Servers, Distributed Application & Web Servers, WebSphere Application Server, Plug-in Operating system(s): Multi-Platform Software version: 3.5.4, 3.5.5, 3.5.6 Software edition: Advanced Reference #: 1055320 IBM Group: Software Group Modified date: 2002-07-30
(C) Copyright IBM Corporation 2000, 2004. All Rights Reserved.
|