PK25584: WebSphere creates new session id , if it receives a cookie name that ends with JSESSIONID | |||||||||||||||||||||||||||||||||||||||||||||||||||||||
![]() |
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
APAR status Closed as program error. Error description session management is responsibility of the app server, in this case. so every session should have its own session id. When a client goes to Weblogic, webLogic issues a session id ( say abc_JSESSIONID_xyz). Now the client goes to WAS to invoke a servlet, technically WAS should issue a new session id ( say JSESSIONID). Now every time client does a refresh on a browser, the WAS issues a new session ID. Because WebLogic session id contains the word (JSESSIONID), I think the WAS parses that , obviously it is not the session issues by WAS, so it issues a new session ID. This is a problem for security applications and any e-commerce application.Local fix Chnage the name of weblogic session id.Problem summary **************************************************************** * USERS AFFECTED: Any WebSphere Application Server users using * * session management * **************************************************************** * PROBLEM DESCRIPTION: Every time client does a refresh on a * * browser, the application server * * issues a new session ID. * **************************************************************** * RECOMMENDATION: * **************************************************************** The application server creates a new session id whenever it receives a cookie name that contains the text "JSESSIONID".Problem conclusion Fixed the HTTP Request logic in the transport to avoid this problem.Temporary fix Comments
APAR is sysrouted FROM one or more of the following: PQ85565 APAR is sysrouted TO one or more of the following: Modules/Macros
Publications Referenced
|
Product categories: Software > Application Servers >
Distributed Application & Web Servers > WebSphere Application
Server > General
Operating system(s):
Software version: 00W
Software edition:
Reference #: PK25584
IBM Group: Software Group
Modified date: May 25, 2006
(C) Copyright IBM Corporation 2000, 2008. All Rights Reserved.