PQ78640: SESN0008E SESSION ERROR ON LOGOFF WHEN SESSION SECURITY ENABLED

APAR status
Closed as Permanent restriction.

Error description
Logout produces SESN0008E when form logout is used and session
security is enabled.  Customer is using LDAP as registry and
Single Signon (SSO) is enabled.
Keywords: security integration log off out logout msgsesn0008e

Local fix
Ensure all URIs are protected, including the URI for
ibm_security_logout.

Problem summary
****************************************************************
* USERS AFFECTED: WebSphere Application Server users who       *
*                 enable session security integration and      *
*                 use Form Logout.                             *
****************************************************************
* PROBLEM DESCRIPTION: Logout may fail if session security     *
*                      integration is enabled.                 *
****************************************************************
* RECOMMENDATION: Secure the URI /ibm_security_logout.         *
****************************************************************
If session security integration is enabled and the logout
servlet is not protected, logout will fail to delete the session.

Problem conclusion
If the logout servlet is not protected, no invocation credential
is set in the executing thread, so the session manager cannot
find a security credential for the logout servlet and therefore
does not allow it to look up the session when session security
is integrated.
The work-around is to protect the logout servlet,
/ibm_security_logout.
This issue is under review and may be resolved in future
releases.
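
The work-around can be verified against an application's deployment descriptor. The following is an added example, not IBM code: a Python check that parses a web.xml and reports whether /ibm_security_logout is covered by a security-constraint that names a role. The sample descriptors and the role name AllUsers are constructed, and the check assumes the logout form is submitted with POST.

```python
import xml.etree.ElementTree as ET
LOGOUT_URI = "/ibm_security_logout"  # URI named in the APAR

def _local(tag):
    # Drop any XML namespace so DTD-era and newer descriptors both parse.
    return tag.rsplit("}", 1)[-1]

def _texts(elem, name):
    return [e.text.strip() for e in elem.iter() if _local(e.tag) == name and e.text]

def pattern_matches(pattern, uri):
    # Servlet url-pattern rules: exact, path prefix (/x/*), extension (*.ext).
    # The default pattern "/" is deliberately not treated as a match here.
    if pattern == uri:
        return True
    if pattern.endswith("/*"):
        prefix = pattern[:-2]
        return uri == prefix or uri.startswith(prefix + "/")
    if pattern.startswith("*."):
        return uri.rsplit("/", 1)[-1].endswith(pattern[1:])
    return False

def logout_is_protected(web_xml, uri=LOGOUT_URI):
    # True when a security-constraint that names a role covers the URI.
    root = ET.fromstring(web_xml)
    for sc in (e for e in root.iter() if _local(e.tag) == "security-constraint"):
        methods = _texts(sc, "http-method")
        if methods and "POST" not in methods:
            continue  # assumption: the logout form is submitted with POST
        if _texts(sc, "role-name") and any(
                pattern_matches(p, uri) for p in _texts(sc, "url-pattern")):
            return True
    return False

# Constructed descriptors; the role name "AllUsers" is hypothetical.
_CONSTRAINT = ("<security-constraint><web-resource-collection>"
               "<web-resource-name>app</web-resource-name>{patterns}"
               "</web-resource-collection><auth-constraint>"
               "<role-name>AllUsers</role-name></auth-constraint>"
               "</security-constraint>")
UNPROTECTED = "<web-app>" + _CONSTRAINT.format(
    patterns="<url-pattern>/secure/*</url-pattern>") + "</web-app>"
PROTECTED = "<web-app>" + _CONSTRAINT.format(
    patterns="<url-pattern>/secure/*</url-pattern>"
             "<url-pattern>/ibm_security_logout</url-pattern>") + "</web-app>"

if __name__ == "__main__":
    for name, doc in (("unprotected", UNPROTECTED), ("protected", PROTECTED)):
        print(name, "->", logout_is_protected(doc))
```

A descriptor that relies only on the default pattern "/" is reported as unprotected and should be reviewed by hand.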

Temporary fix

Comments

APAR information
APAR number PQ78640
Reported component name WEBSPHERE AE NT
Reported component ID 5630A2201
Reported release 400
Status CLOSED PRS
PE NoPE
HIPER NoHIPER
Submitted date 2003-09-18
Closed date 2003-11-04
Last modified date 2003-11-04

APAR is sysrouted FROM one or more of the following:

APAR is sysrouted TO one or more of the following:

Modules/Macros

Fix information

Applicable component levels

