APAR status
Closed as program error.
Error description
If TAI is configured properly, Webseal provides user information
to WebSphere Application Server / WebSphere Portal Server;
headers iv-user and iv-creds. Based on this, WebSphere is
establishing their own credentials, additionally the session
cookie JSESSIONID will be issued.
If now for any reasons the user's webseal sessions ends, the
original jsessionid cookie is still present in the browser, the
next user authenticating at webseal with a different userid is
presenting the old jsessionid cookie to the Portal (through
webseal). Although webseal provides new user credentials to
WebSphere in the headers mentioned above, WebSphere does not
create a new user context but reuses the old one. That means the
new user runs in the context of the first user.
Error 500: SESN0008E: SessionContext: a user authenticated as
{0} has
attempted to access a session owned by {1}(anonymous,
Local fix Problem summary
****************************************************************
* USERS AFFECTED: WebSphere Application Server and Portal *
* customers. *
****************************************************************
* PROBLEM DESCRIPTION: When Application Server "Security *
* Integration" is enabled, when you *
* access the portal (/wps/myportal), *
* a NullPointerException occurs if you *
* present another user's jsessionid in *
* the cookie. *
****************************************************************
* RECOMMENDATION: *
****************************************************************
This is a defect within the session and webcontainer code
and the problem surfaces to portal customers.
Problem conclusion
Webcontainer and session code have been corrected.
The fix for this APAR is currently targeted for inclusion
in 5.02.12 and 5.1.1.5.
Please refer to the recommended updates page for delivery
information:
http://www.ibm.com/support/docview.wss?rs=180&uid=swg27004980
Temporary fix Comments
APAR information |
APAR number |
PK01801 |
Reported component name |
WAS BASE 5.0 |
Reported component ID |
5630A3600 |
Reported release |
00S |
Status |
CLOSED PER |
PE |
NoPE |
HIPER |
NoHIPER |
Special Attention |
NoSpecatt |
Submitted date |
2005-02-28 |
Closed date |
2005-05-31 |
Last modified date |
2005-05-31 |
APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:
Modules/Macros
Publications Referenced
|
Fix information |
Fixed component name |
WAS BASE 5.0 |
Fixed component ID |
5630A3600 |
Applicable component levels |
R003 PSY |
UP |
R00A PSY |
UP |
R00H PSY |
UP |
R00I PSY |
UP |
R00P PSY |
UP |
R00S PSY |
UP |
R00W PSY |
UP |
R103 PSY |
UP |
R10A PSY |
UP |
R10H PSY |
UP |
R10I PSY |
UP |
R10P PSY |
UP |
R10S PSY |
UP |
R10W PSY |
UP |
|