PQ54691: REDUCE THE POSSIBILITY OF A SESSION REQUEST IN A FRAMESET OF NOT FINDING THE SESSION OBJECT.


APAR

APAR status
Closed as program error.

Error description
The session manager code does not persist the session object so
that other servlets (threads) can access it until the service
method finishes.  Normally this is ok, but it is possible for a
request, especially in a framed web page, to be received by an
AppServer with the sessionid that has not yet been cached.  This
would result in a request to get the session to return a null
sessionid.
Local fix
You can make sure that you don't flush or overflow your response
buffer so that the service method will finish before the next
request is received.
Problem summary
****************************************************************
* USERS AFFECTED: WebSphere Application Server - Session       *
*                 users in a clustered environment             *
****************************************************************
* PROBLEM DESCRIPTION: Session not available on a switch to    *
*                      another clone in a clustered            *
*                      environment on the second request.      *
****************************************************************
* RECOMMENDATION: For such situations the following            *
*                 workarounds can be used :                    *
*                                                              *
*                 1. If possible avoid situations where a      *
*                 second request can come in without the       *
*                 session object having been persisted on      *
*                 the first request. For instance, if your     *
*                 login                                        *
*                 page is a html convert it into a jsp so      *
*                 that the session object which is created     *
*                 in the jsp by default                        *
*                 gets persisted. That way on a switch the     *
*                 second request would be able                 *
*                 to locate the session object even though     *
*                 it would be empty.                           *
*                                                              *
*                                                              *
*                                                              *
*                 2. The customer can remove any explict       *
*                 flush statements in their                    *
*                 code. This will cause the response to be     *
*                 returned only at the end                     *
*                 of the service method. This in conjunction   *
*                 with my fix will ensure                      *
*                 that the session object is available for     *
*                 the next request.                            *
*                                                              *
*                                                              *
*                 3. If the customer is not using explicit     *
*                 flush statements and the                     *
*                 response is getting returned because the     *
*                 buffer is getting filled                     *
*                 up the customer can increase the buffer      *
*                 size in their                                *
*                 servlets/jsp's programatically.              *
****************************************************************
This problem can occur only in a clustered environment. When a
session gets created in a jsp/servlet it was being  persisted
at the end of the service method only after the response was
being written back to the client.  In the meanwhile, if a
second request came in and a switch took place to another clone
there is a possibility that the first clone was not able to
persist the session object in time hence making it unavailable
to the second clone.  This fix will make the session object
to be persisted before the response is flushed back to the
client.  However, in cases where an explicit flush is performed
by the application or the buffer getting filled up the fix will
not be helpful.
Problem conclusion
At the end of the service method as part of servlet post
processing the session is being persisted first and then the
response is written back to the browser.
.
However, the fix is only a partial solution to the problem and
the suggested recommendations will have to be implemented for
a complete solution.
Temporary fix
PQ54691
Comments
APAR information
APAR numberPQ54691
Reported component nameWAS ADVANCED AI
Reported component ID5648C8400
Reported release350
StatusCLOSED PER
PENoPE
HIPERNoHIPER
Submitted date2001-11-12
Closed date2001-11-27
Last modified date2001-11-27

APAR is sysrouted FROM one or more of the following:

APAR is sysrouted TO one or more of the following:APAR is sysrouted FROM one or more of the following:


Modules/Macros
SESSIONS
APAR is sysrouted TO one or more of the following:Modules/Macros

Fix information
Fixed component nameWAS ADVANCED AI
Fixed component ID5648C8400

Applicable component levels
R350 PSYUP











Document Information

Product categories: Software, Application Servers, Distributed Application & Web Servers, WebSphere Application Server, General
Software version: 350
Reference #: PQ54691
IBM Group: Software Group
Modified date: 2001-11-27