PQ60717: AFTER PQ43476 , SSL AUTHENTICATION COOKIE FAILS WITH IE 5.0 ON THE MACINTOSH

APAR status
Closed as program error.

Error description
The WCS_AUTHENTICATION_ID cookie sets the secure flag
so it will only run in an SSL session. There is a defect with
WebSphere Application Server where the flag gets set without
a preceding space when the cookie flag is formatted. As a result
 IE 5.0 On the Macintosh does not read this parameter correctly
and Session Management will fail in an SSL Session.
-
This issue was fixed in PQ43476 and included in WAS 3.5.3
However, this is a regression issue in WAS 3.5.4.  Customer
is seeing this problem in WAS 3.5.4.  Need efix for WAS
3.5.4. Customer is running WAS 3.5.4 on  NT sp6a
Local fix
The only workaround is for the customer to downgrade to
WAS 3.5.3.
Problem summary
****************************************************************
* USERS AFFECTED: All users of WebSphere Application Server    *
*                 versions 3.5.0 - 3.5.6 (inclusive) and       *
*                 Internet Explorer running on Macintosh       *
*                 machines.                                    *
****************************************************************
* PROBLEM DESCRIPTION: IE on a Mac will not function properly  *
*                      when it encounters a site using SSL     *
*                      and WebSphere.                          *
****************************************************************
* RECOMMENDATION:                                              *
****************************************************************
The cookie spec does not state whether or not a space needs
to be inserted between the ; seperator and the word "secure"
when submitting cookies over a secure connection.  All
browsers on all platforms seem to function the same regardless
of the space.  IE on Macs needs to have the space to operate
correctly.  Most users will notice this problem when using
IE on a Mac and the WebSphere Single-Sign-On example code.
Problem conclusion
Modified WebSphere's cookie handling code to always submit
cookies over SSL connections with a space since this works
with ALL browsers on ALL platforms.
Temporary fix Comments
APAR information
APAR number PQ60717
Reported component name WEBSPHERE AE AI
Reported component ID 5630A2200
Reported release 400
Status CLOSED PER
PE NoPE
HIPER NoHIPER
Submitted date 2002-05-01
Closed date 2002-05-09
Last modified date 2002-05-16

APAR is sysrouted FROM one or more of the following:
PQ59550

APAR is sysrouted TO one or more of the following:

Modules/Macros
ENGINE          

Fix information
Fixed component name WEBSPHERE AE AI
Fixed component ID 5630A2200

Applicable component levels
R400 PSY    UP


Document Information


Product categories: Software > Application Servers > Distributed Application & Web Servers > WebSphere Application Server > General
Operating system(s):
Software version: 400
Software edition:
Reference #: PQ60717
IBM Group: Software Group
Modified date: May 16, 2002