PQ56395: WAS ADDS CACHE-CONTROL AND EXPIRES HEADERS AUTOMATICALLY WHEN A COOKIE IS ADDED. CUSTOMER DOES NOT WANT THESE ADDED.

APAR status
Closed as program error.

Error description
Websphere sets the cache-control and expires headers
automatically when a cookie is added. The customer does not want
these headers set.
Local fix Problem summary
****************************************************************
* USERS AFFECTED: WebSphere Application Server - Servlet       *
*                 Engine Users                                 *
****************************************************************
* PROBLEM DESCRIPTION: Cache-Control and Expires Headers       *
*                      were being added by WAS                 *
*                      when a cookie was being sent to the     *
*                      browser by the Application.             *
****************************************************************
* RECOMMENDATION:                                              *
****************************************************************
Whenever a cookie is returned by the servlet engine to the
browser two headers namely "Expires" and  "Cache-Control" are
added to the HttpResponse. The "Expires" header is being set
to a value of  "Thu, 01 Dec 1994 16:00:00 GMT". With some old
versions of  browsers it was observed that the "Expires"
header was causing the page not to be cached and on subsequent
reloads of the page by clicking on the "Back Button" the
request was being directed to the Application Server since the
page had not been cached.
Problem conclusion
There are two ways of getting aroung this problem :

1. By overriding the "Expires" header and setting it to a
future date in servlets/jsp's whenever cookies are being
added. The following snippet of code illustrates this.

       Cookie cookie = new Cookie("name", "John");
       res.addCookie(cookie);
       res.setHeader("Expires", "Thu, 25 Dec 2002 16:00:00
GMT");

In the above snippet of code the "Expires" header was set to a
future date ie .,  "Thu, 25 Dec 2002 16:00:00 GMT"

2. By suppressing the above mentioned headers using the system
property com.ibm.websphere.cookies.no.header. The instructions
for applying the system property using Administrative console
are as follows :

1.  a. Under WebSphere Administrative Domain, Expand Nodes
    b. Expand Application Servers
    c. Expand Default Server
    d. Expand Process Definition
    e. Select JVM Settings, in the right hand panel under
Advanced Settings, Click on System Properties.
    f. Click New button, Specify Name as
com.ibm.websphere.cookies.no.header and Value as true. Click OK.
    g. Save the configuration changes.

2. Stop the Server
3. Start the Server.
Temporary fix
PQ56395
Comments
APAR information
APAR number PQ56395
Reported component name WEBSPHERE AE NT
Reported component ID 5630A2201
Reported release 400
Status CLOSED PER
PE NoPE
HIPER NoHIPER
Submitted date 2002-01-07
Closed date 2002-01-08
Last modified date 2004-06-04

APAR is sysrouted FROM one or more of the following:

APAR is sysrouted TO one or more of the following:
PQ89746

Modules/Macros
SESSIONS          

Fix information
Fixed component name WEBSPHERE AE NT
Fixed component ID 5630A2201

Applicable component levels
R400 PSY    UP


Document Information


Product categories: Software > Application Servers > Distributed Application & Web Servers > WebSphere Application Server > General
Operating system(s):
Software version: 400
Software edition:
Reference #: PQ56395
IBM Group: Software Group
Modified date: Jun 4, 2004