APAR status
Closed as program error.
Error description
Although
PQ94384 fix is for preserving parameters of POST
command, it creates httpsession even GET request and leave it
alone.
Local fix Problem summary
****************************************************************
* USERS AFFECTED: WebSphere Application Server versions 5 and *
* 6 users who are using form login method. *
****************************************************************
* PROBLEM DESCRIPTION: Potential Out of Memory situation when *
* large number of POST requests come to *
* the server. *
****************************************************************
* RECOMMENDATION: *
****************************************************************
Since WebSphere Application Server stores POST parameters into
HTTP Session when an incoming request is redirected to a form
login page for authentication, if a large number of users are
trying to log in concurrently, WebSphere Application Server
consumes all of available heap space and eventually starts
failing login process.
Problem conclusion
The code is modified to store POST parameters to cookie which
is the default. The following global security custom property
can be used to override the default behavior:
Property Name:
"com.ibm.websphere.security.util.postParamSaveMethod"
Values:
"Cookie" - POST parameters are stored in cookie. This is the
default after applying this APAR fix.
"Session" - Post parameters are stored in HTTP Session. This
is the original behavier.
"Disable" - Post parameters are not preserved.
The fix for this APAR is currently targeted for inclusion
in fixpacks 5.1.1.12, 6.0.2.15 and 6.1.0.3.
Please refer to the recommended updates page for delivery
information:
http://www.ibm.com/support/docview.wss?rs=180&uid=swg27004980
Temporary fix Comments
APAR information |
APAR number |
PK25709 |
Reported component name |
WAS NETWRK DEPL |
Reported component ID |
5630A3601 |
Reported release |
00A |
Status |
CLOSED PER |
PE |
NoPE |
HIPER |
NoHIPER |
Special Attention |
NoSpecatt |
Submitted date |
2006-05-29 |
Closed date |
2006-08-17 |
Last modified date |
2006-10-16 |
APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:
Modules/Macros
Publications Referenced
|
Fix information |
Fixed component name |
WAS NETWRK DEPL |
Fixed component ID |
5630A3601 |
Applicable component levels |
R003 PSY |
UP |
R00A PSY |
UP |
R00H PSY |
UP |
R00I PSY |
UP |
R00P PSY |
UP |
R00S PSY |
UP |
R00W PSY |
UP |
R10A PSY |
UP |
R10H PSY |
UP |
R10I PSY |
UP |
R10P PSY |
UP |
R10S PSY |
UP |
R10W PSY |
UP |
|