WebSphere Application Server APAR # PQ47663 WebSphere Release: 3.5.2/3.5.3 Abstract: This apar replaces PQ40815, PQ42166 and PQ44646 by including the following: New Fixes are - Session id generation is more random - Fixes null pointer exceptions in invalidation path - Fixes DB2 out of handles exceptions in invalidation path - Makes authorization association with session configurable using system property - Fixes creation of multiple session contexts for same webapp under stress start. Fixes included from earlier APARS are: - Deadlocks with multi-row and cache on for persistent sessions.(PQ40815) - Removal of select for update (PQ42166) - Proactive cleanup of cache (PQ42166) - Fixes for manual update null ptr's and deadlocks (PQ42166) - Serializing of invalid threads (PQ42166) - Database schema change that now allows the "property name" (PQ42166) (e.g. putValue ("propertyname", propertyValue) to be up to 64 characters long. Also, a Web Application name of up to 64 characters is also now supported. - Oracle OCI workaround (PQ42166) - Oracle out of cursors fixed (PQ42166) - getValueNames() throws ClassCastException when remove is called in same request(PQ44646) - Closes preparedstatements on exceptions(PQ44646) - added better cleanup of database resources when java exceptions occur during http session processing(PQ44646) - better tolerance for ClassNotFoundExceptions with http session persistence (minimize impact to other operations) (PQ44646) - fixed problems with invalid cache entries and IllegalStateExceptions when cleaning up the http session cache on the invalidator thread (PQ44646) - fixed synchronization problem with calls to sync() when manual update is configured (lead to timing bugs and intermittant exceptions)(PQ44646) Please also review the Http Session Best Practices Guide included in this package. **********************VERY IMPORTANT NOTE********************************** THE SESSIONS DATABASE TABLE MUST BE DROPPED BEFORE THIS EFIX IS APPLIED!!!! *************************************************************************** Installation: 1. Copy PQ47663-352-0406.jar to a directory, such as WebSphere\AppServer\efix 2. Add the directory/jar file to the beginning of the admin server's classpath in WebSphere\AppServer\bin\admin.config : com.ibm.ejs.sm.adminserver.classpath=C:/WebSphere/AppServer/efix/PQ47663-352-0406.jar;C:/WebSphere.... 3. Restart the WebSphere Application Server. TO TURN OFF THE AUTHORIZATION ID ASSOCIATION WITH HTTPSESSION: On Command line arguments of Application Server instance, specify system property HttpSessionSecurity=false and apply the changes and then start the Server instance. For example, in Administrative Console, Select "Default Server",and in Command line arguments specify -DHttpSessionSecurity=false