PQ65733: SREQUESTEDSESSIONIDVALID METHOD RETURNS TRUE AFTER SESSION IS INVALIDATED

 A fix is available

4.0.5: WebSphere Application Server Version 4.0 Fix Pack 5 (Version 4.0.5)



APAR status
Closed as program error.

Error description
After invalidating a session then the isRequestedSessionIdValid
method return true.  Since the session has been invalidated the
isRequestedSessionIdValid should return false.
To illustrate this consider:
...
// get existing session from HttpServletRequest object named
// request
HttpSession session = request.getSession(false);
...
// invalidate the session
session.invalidate();
...
// following should return false but returns true.
request.isRequestedSessionIdValid()
Local fix
When accessing the session catch the error when accessing the
session.  If recieve IllegalStateException then coder knows that
session is not valid.
Problem summary
****************************************************************
* USERS AFFECTED: WebSphere Application Server - Session       *
*                 Manager Users                                *
****************************************************************
* PROBLEM DESCRIPTION: The isRequestedSessionIdValid()         *
*                      method call is returning                *
*                      a value of true even after the          *
*                      session has been invalidated            *
*                      in a servlet's service method.          *
****************************************************************
* RECOMMENDATION:                                              *
****************************************************************
If a session is invalidated in the service method the
isRequestedSessionIdValid() method on the request object
should return a false value.  This was not happening and the
method was returning a value of true.
Problem conclusion
This fix will cause the isRequestedSessionIdValid() method
to return a value of flase after the session has been
invalidated in the service method().
Temporary fix Comments
APAR information
APAR number PQ65733
Reported component name WEBSPHERE AE NT
Reported component ID 5630A2201
Reported release 400
Status CLOSED PER
PE NoPE
HIPER NoHIPER
Submitted date 2002-08-29
Closed date 2002-09-25
Last modified date 2002-09-25

APAR is sysrouted FROM one or more of the following:

APAR is sysrouted TO one or more of the following:

Modules/Macros
SESSIONS          

SRLS

Fix information
Fixed component name WEBSPHERE AE NT
Fixed component ID 5630A2201

Applicable component levels
R400 PSY    UP


Document Information


Product categories: Software > Application Servers > Distributed Application & Web Servers > WebSphere Application Server > General
Operating system(s):
Software version: 400
Software edition:
Reference #: PQ65733
IBM Group: Software Group
Modified date: Sep 25, 2002