iPlanet Webserver causes Session Id information to be removed from actual URI

Hints and tips
Abstract
WebSphere Application Server with iPlanet 4.1 Session Management SessionId and Session Data incorrectly handled from Actual URI when using URL rewriting
Content
Problem:
iPlanet removes the session information from the actual URI Request. When the plugin looks for the session information at the end of the request it is not there.
Background:
Customer was able to reproduce loss of cookie information on second request in the following configurations:
  • WebSphere Application Server V3.5.4, V3.5.5, and V3.5.6
  • iPlanet V4.1 SP7 and SP9
  • Solaris 2.6 (but would happen on multiple platforms)

Customer's test procedure:
    1. User tests with a session enabled servlet. WebSphere ships the BeenThere servlet for testing with sessions.
    2. Requests URL: http://localhost/webapp/examples/BeenThere
    • Enable plugin trace in bootstrap.properties, then stop and restart the webserver prior to testing.
    • Specify more than one request in order to reuse the cookie that is issued on the first request.
    3. After submitting request, check the plugin trace log for evidence that the cookie was reused.
    • Below is an excerpt from a plugin trace:
      Trace - version=1
      Trace - scheme=http
      Trace - method=GET
      Trace - protocol=HTTP/1.1
      Trace - req_uri=/webapp/examples/BeenThere
      ...
      Trace - req_uri=/webapp/examples/BeenThere
      Trace - query_string=count=100&stats=false&log=false
      ...
      Trace - Header 3:connection = Keep-Alive
      Trace - Header 4:cookie = sesessionid=0001SMQ1VBZ2QZJ1VZQQTVUUFLQ
      ...
    • If the session data was lost, session value would be None AND each line in the BeenThere output would have Count = 1.
Analysis of plugin data:
WebSphere plugin trace file (e.g. trace.log.ns....) only informs you that URL Request's "Session Id (null)"

Resolution:
  • This is not a WebSphere Application Server plugin defect.
  • The customer had NSServletNameTrans function specified in their obj.conf file.
  • This NameTrans function manipulates the request (removing the sessionId from the URI Request).
  • Commenting the below line out in the obj.conf file NameTrans fn="NSServletNameTrans" name = "servlet" will prevent the sessionId from being removed.
  • This line is given by activating the servlet engine in iPlanet webserver via the iPlanet admin console. It is activated by default on iPlanet in versions greater than 4.1.0.
Historical Number
15208
660
706











Document Information

Product categories: Software, Application Servers, Distributed Application & Web Servers, WebSphere Application Server, Plug-in
Operating system(s): Multi-Platform
Software version: 3.5.4, 3.5.5, 3.5.6
Software edition: Advanced
Reference #: 1055320
IBM Group: Software Group
Modified date: 2002-07-30