PK25584: WebSphere creates new session id , if it receives a cookie name that ends with JSESSIONID

APAR status
Closed as program error.

Error description
session management is responsibility of the app server, in this
case. so every session should have its own session id. When a
client goes to Weblogic, webLogic issues a session id ( say
abc_JSESSIONID_xyz). Now the client goes to WAS to invoke a
servlet, technically WAS should issue a new session id ( say
JSESSIONID). Now every time client does a refresh on a browser,
the WAS issues a new session ID. Because WebLogic session id
contains the word (JSESSIONID), I think the WAS parses that ,
obviously it is not the session issues by WAS, so it issues a
new session ID.  This is a problem  for security applications
and any e-commerce application.
Local fix
Chnage the name of weblogic session id.
Problem summary
****************************************************************
* USERS AFFECTED: Any WebSphere Application Server users using *
*                 session management                           *
****************************************************************
* PROBLEM DESCRIPTION: Every time client does a refresh on a   *
*                      browser, the application server         *
*                      issues a new  session ID.               *
****************************************************************
* RECOMMENDATION:                                              *
****************************************************************
The application server creates a new session id whenever it
receives a cookie name that contains the text "JSESSIONID".
Problem conclusion
Fixed the HTTP Request logic in the transport to avoid this
problem.
Temporary fix Comments
APAR information
APAR number PK25584
Reported component name WEBSPHERE BASE
Reported component ID 5630A3600
Reported release 00W
Status CLOSED PER
PE NoPE
HIPER NoHIPER
Special Attention NoSpecatt
Submitted date 2006-05-25
Closed date 2006-05-25
Last modified date 2006-05-25

APAR is sysrouted FROM one or more of the following:
PQ85565

APAR is sysrouted TO one or more of the following:

Modules/Macros
session          

Publications Referenced

Fix information
Fixed component name WEBSPHERE BASE
Fixed component ID 5630A3600

Applicable component levels
R00W PSY    UP
R00A PSY    UP
R003 PSY    UP
R00I PSY    UP
R00H PSY    UP
R00S PSY    UP
R103 PSN    UP
R10A PSN    UP
R00P PSY    UP


Document Information


Product categories: Software > Application Servers > Distributed Application & Web Servers > WebSphere Application Server > General
Operating system(s):
Software version: 00W
Software edition:
Reference #: PK25584
IBM Group: Software Group
Modified date: May 25, 2006