PQ60717: AFTER PQ43476 , SSL AUTHENTICATION COOKIE FAILS WITH IE 5.0 ON THE MACINTOSH | |||||||||||||||||||||||||||||||||||||
![]() |
|||||||||||||||||||||||||||||||||||||
APAR status Closed as program error. Error description The WCS_AUTHENTICATION_ID cookie sets the secure flag so it will only run in an SSL session. There is a defect with WebSphere Application Server where the flag gets set without a preceding space when the cookie flag is formatted. As a result IE 5.0 On the Macintosh does not read this parameter correctly and Session Management will fail in an SSL Session. - This issue was fixed in PQ43476 and included in WAS 3.5.3 However, this is a regression issue in WAS 3.5.4. Customer is seeing this problem in WAS 3.5.4. Need efix for WAS 3.5.4. Customer is running WAS 3.5.4 on NT sp6aLocal fix The only workaround is for the customer to downgrade to WAS 3.5.3.Problem summary **************************************************************** * USERS AFFECTED: All users of WebSphere Application Server * * versions 3.5.0 - 3.5.6 (inclusive) and * * Internet Explorer running on Macintosh * * machines. * **************************************************************** * PROBLEM DESCRIPTION: IE on a Mac will not function properly * * when it encounters a site using SSL * * and WebSphere. * **************************************************************** * RECOMMENDATION: * **************************************************************** The cookie spec does not state whether or not a space needs to be inserted between the ; seperator and the word "secure" when submitting cookies over a secure connection. All browsers on all platforms seem to function the same regardless of the space. IE on Macs needs to have the space to operate correctly. Most users will notice this problem when using IE on a Mac and the WebSphere Single-Sign-On example code.Problem conclusion Modified WebSphere's cookie handling code to always submit cookies over SSL connections with a space since this works with ALL browsers on ALL platforms.Temporary fix Comments
APAR is sysrouted FROM one or more of the following: PQ59550 APAR is sysrouted TO one or more of the following: Modules/Macros
|
Document Information |
Product categories: Software > Application Servers >
Distributed Application & Web Servers > WebSphere Application
Server > General
Operating system(s):
Software version: 400
Software edition:
Reference #: PQ60717
IBM Group: Software Group
Modified date: May 16, 2002
(C) Copyright IBM Corporation 2000, 2006. All Rights Reserved.