PQ87416: webservices client unable to handle more than one cookie with setmanagesession | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
![]() |
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
APAR status Closed as program error. Error description The issue here is that the client stub generated by our web services tooling has code in it from the apache axis code base that has a bug in it. Basically the web service client stub allows the client code to require that "session" information (for http this means cookies) be returned to the server. The client achieves this by invoking "setMaintainSession()". The issue is that when this parameter is set on the client stub, it stores http headers in a hashtable. What this means is that if there are two HTTP headers returned from the server with a header name of "Set-Cookie" only the last one processed is remembered by the client. This is an issue because WAS uses separate cookies to maintain http session (JSESSIONID) and security context (LTPAToken). So, we are unable to provide support for returning both these cookies to a WAS server from our web services clients. We need support for this for performance reasons. We obviously will benefit from returning the LTPAToken in situations where there is authentication at the transport level. We will benefit from the JSESSIONID cookie when we need afinity between the client and a particular server in a farm of servers (for example when looking to use CMP caching). Customers see this happening using a JAVA client to access the applications. They see it with both JAVA 1.3.1 and 1.4.1 Anyone using Maelstom will have the problem and it also started when IBM added Axis from the Apache open source code.Local fix There is no local fix/work around according to developerProblem summary **************************************************************** * USERS AFFECTED: WebSphere Application Server users of web * * services * **************************************************************** * PROBLEM DESCRIPTION: Webservices client unable to handle * * more than one cookie with * * setmanagesession * **************************************************************** * RECOMMENDATION: * **************************************************************** The issue here is that the client stub generated by our web services tooling has code in it from the apache axis code base that has a bug in it. Basically the web service client stub allows the client code to require that "session" information (for http this means cookies) be returned to the server. The client achieves this by invoking "setMaintainSession()". The issue is that when this parameter is set on the client stub, it stores http headers in a hashtable. What this means is that if there are two HTTP headers returned from the server with a header name of "Set-Cookie" only the last one processed is remembered by the client. This is an issue because Application Server uses separate cookies to maintain http session (JSESSIONID) and security context (LTPAToken). So, we are unable to provide support for returning both these cookies to a WebSphere Application Server from our web services clients. We need support for this for performance reasons. We obviously will benefit from returning the LTPAToken in situations where there is authentication at the transport level. We will benefit from the JSESSIONID cookie when we need afinity between the client and a particular server in a farm of servers (for example when looking to use CMP caching). Customers see this happening using a JAVA client to access the applications. They see it with both JAVA 1.3.1 and 1.4.1 Anyone using Maelstom will have the problem and it also started when IBM added Axis from the Apache open source code.Problem conclusion Modified storing of HTTP headers to support more than one set-cookie header.Temporary fix Comments
APAR is sysrouted FROM one or more of the following: APAR is sysrouted TO one or more of the following: Modules/Macros
Publications Referenced
|
Product categories: Software > Application Servers >
Distributed Application & Web Servers > WebSphere Application
Server > General
Operating system(s):
Software version: 00W
Software edition:
Reference #: PQ87416
IBM Group: Software Group
Modified date: Jul 20, 2004
(C) Copyright IBM Corporation 2000, 2008. All Rights Reserved.