PQ58475: WASREQURL IS BEING CLEARED WHEN FORM LOGIN USER USES INCORRECT USERNAME/PASSWORD WHEN FIRST LOGGING IN
APAR status
Closed as program error.

Error description
Environment: WebSphere Application Server 4.0.2 Advanced Edition (AE).

Description: When using form-based login, if a user logging in through a form enters an incorrect username/password, the WASREQURL is cleared, so that even if they are asked to log in again and use a valid username/password, they won't be redirected to the secure resource they were trying to access in the first place.

Local fix

Problem summary
****************************************************************
* USERS AFFECTED: All WebSphere Application Server users of    *
*                 Form Login for user authentication           *
*                 challenge and LTPA (either LDAP or Custom)   *
*                 for a user registry.                         *
****************************************************************
* PROBLEM DESCRIPTION: URL redirect information is cleared on  *
*                      a failed login.                         *
****************************************************************
* RECOMMENDATION:                                              *
****************************************************************

URL redirect information is cleared on a failed login when using Form Login. Whether the information should be cleared in this case is undefined. However, the behavior is inconsistent between Local OS and LTPA based user registries.

The result of the redirect information being cleared is twofold.

1. If the user fails authentication, then uses the browser back button to go back to reauthenticate (which is the intuitive method for a user to use), the user can authenticate but will not be redirected to the originally requested URL.
2. If the Web app designer wants to use the relogin page as an authentication page as well, the same restriction applies.

Problem conclusion
Since the behavior is inconsistent between Local OS and LTPA and it is undefined, the LTPA behavior was changed to match the Local OS behavior, as it supplies more function to the user.

Temporary fix
PQ58475-test-4.02.jar

Comments

APAR is sysrouted FROM one or more of the following:

APAR is sysrouted TO one or more of the following:

Modules/Macros

Document Information
Product categories: Software > Application Servers >
Distributed Application & Web Servers > WebSphere Application
Server > General
Operating system(s):
Software version: 400
Software edition:
Reference #: PQ58475
IBM Group: Software Group
Modified date: Apr 29, 2003
(C) Copyright IBM Corporation 2000, 2006. All Rights Reserved.