APAR status
Closed as program error.
Error description
With the WAS 4.0.x WASReqURL cookie holds only the page
information and not the domain information. When using
getRefererURL
method, it adds the domain info to the WASReqURL cookie. When
accessing
other secured site on the same server, it sets the WASRewURL
with new
page but the old domain info remains as it is and letter when
the page
tries to redirects, it through 404 error message.
Local fix
WorkAround: Application invalidating WASReqURL cookie
Problem summary
****************************************************************
* USERS AFFECTED: WebSphere Application Server who have *
* enabled security and are implementing *
* Custom Login via the deprecated class *
* SSOAuthenticator. *
****************************************************************
* PROBLEM DESCRIPTION: The WASReqURL cookie was not *
* automatically removed when using *
* SSOAuthenticator. *
****************************************************************
* RECOMMENDATION: *
****************************************************************
The WASReqURL cookie was not removed while using
SSOAuthenticator to perform custom login. The reason for this
was no domain was specified on the cookie when it was created
but a domain was specified when destroying the cookie. This
caused some browsers not to desctroy the cookie.
Problem conclusion
When destroying the WASReqURL cookie, the domain is no longer
set to match when it is created.
Temporary fix
code review
Comments
APAR information |
APAR number |
PQ88519 |
Reported component name |
WEBSPHERE AE NT |
Reported component ID |
5630A2201 |
Reported release |
400 |
Status |
CLOSED PER |
PE |
NoPE |
HIPER |
NoHIPER |
Submitted date |
2004-05-06 |
Closed date |
2004-05-10 |
Last modified date |
2004-05-10 |
APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:
Modules/Macros
SRLS
Applicable component levels |
R400 PSY |
UP |
|