PQ58475: WASREQURL IS BEING CLEARED WHEN FORM LOGIN USER USES INCORRECT USERNAME/PASSWORD WHEN FIRST LOGGING IN

APAR status
Closed as program error.

Error description
Environment:
WebSphere Application Server 4.0.2 Advanced Edition (AE)

Description:
   When using form-based login, if a user logging in through a
form enters an incorrect username/password, the WASREQURL is
cleared, so that even if they are asked to log in again and
enter a valid username/password, they won't be redirected to the
secure resource they were trying to access in the first place.

Local fix

Problem summary
****************************************************************
* USERS AFFECTED: All WebSphere Application Server users of    *
*                 Form Login for user authentication           *
*                 challenge and LTPA (either LDAP or Custom)   *
*                 for a user registry.                         *
****************************************************************
* PROBLEM DESCRIPTION: URL redirect information is cleared on  *
*                      a failed login.                         *
****************************************************************
* RECOMMENDATION:                                              *
****************************************************************
URL redirect information is cleared on a failed login when
using Form Login.  Whether the information should be cleared
in this case is undefined.  However, the behavior is
inconsistent between Local OS and LTPA based user registries.

The result of the redirect information being cleared is
twofold.
1.  If the user fails authentication, then uses the browser
back button to go back to reauthenticate (which is the
intuitive method for a user to use), the user can authenticate
but will not be redirected to the originally requested URL.
2.  If the Web app designer wants to use the relogin page as
an authentication page as well, the same restriction applies.

Problem conclusion
Since the behavior is inconsistent between Local OS and LTPA
and it is undefined, the LTPA behavior was changed to match the
Local OS behavior as it supplies more function to the user.

Temporary fix
PQ58475-test-4.02.jar

Comments

APAR information
APAR number PQ58475
Reported component name WEBSPHERE AE NT
Reported component ID 5630A2201
Reported release 400
Status CLOSED PER
PE NoPE
HIPER NoHIPER
Submitted date 2002-02-27
Closed date 2002-03-27
Last modified date 2003-04-29

APAR is sysrouted FROM one or more of the following:

APAR is sysrouted TO one or more of the following:

Modules/Macros

Fix information
Fixed component name WEBSPHERE AE NT
Fixed component ID 5630A2201

Applicable component levels
R400 PSY    UP


Document Information

Product categories: Software > Application Servers > Distributed Application & Web Servers > WebSphere Application Server > General
Operating system(s):
Software version: 400
Software edition:
Reference #: PQ58475
IBM Group: Software Group
Modified date: Apr 29, 2003