PQ63281: AFTER PQ54217 IF A GETSESSION, THEN AN INVALIDATE, THEN ANOTHER GETSESSION IS DONE IN SAME SERVLET, THE SESSIONID WILL BE REUSED

 A fix is available

4.0.5: WebSphere Application Server Version 4.0 Fix Pack 5 (Version 4.0.5)



APAR status
Closed as program error.

Error description
In WAS 4.0.3, a regression defect was introduced in the session
manager. The sessionid will be reused if a getSession is done,
the session is invalidated, and then another getSession is done.
In this scenario, the second getSession should result in a new
sessionid being generated.
Local fix Problem summary
****************************************************************
* USERS AFFECTED: WebSphere Application Server -- Session      *
*                 Manager Users                                *
****************************************************************
* PROBLEM DESCRIPTION: In the scope of a service method, if a  *
*                      session is invalidated and requested    *
*                      for again, the session id was being     *
*                      reused for the new session object.      *
****************************************************************
* RECOMMENDATION:                                              *
****************************************************************
In a servlet/jsp, if a session is invalidated and a new session
is requested in the scope of the same service method a new
session object should be returned with a new session id.
This was not happening and the old session id was being reused
for the newly created session object.  This has been fixed so
that a new session id is assigned to the newly created session
object.
Problem conclusion
This problem was caused by a fix which went into 4.0.3 and
does not occur on earlier PTF's. The session id will not be
reused after it gets invalidated in the service method.
Temporary fix
PQ63281.jar
Comments
APAR information
APAR number PQ63281
Reported component name WEBSPHERE AE NT
Reported component ID 5630A2201
Reported release 400
Status CLOSED PER
PE NoPE
HIPER NoHIPER
Submitted date 2002-07-17
Closed date 2002-07-30
Last modified date 2002-08-07

APAR is sysrouted FROM one or more of the following:

APAR is sysrouted TO one or more of the following:

Modules/Macros
SESSIONS          

SRLS

Fix information
Fixed component name WEBSPHERE AE NT
Fixed component ID 5630A2201

Applicable component levels
R400 PSY    UP


Document Information


Product categories: Software > Application Servers > Distributed Application & Web Servers > WebSphere Application Server > General
Operating system(s):
Software version: 400
Software edition:
Reference #: PQ63281
IBM Group: Software Group
Modified date: Aug 7, 2002